Difference between revisions of "Multi-factor Authentication"
From MgmtWiki
(→References) |
(→References) |
||
Line 7: | Line 7: | ||
# [http://www.w3.org/TR/2018/CR-webauthn-20180320/#api Web Authentication: An API for accessing Public Key Credentials Level 1] defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. | # [http://www.w3.org/TR/2018/CR-webauthn-20180320/#api Web Authentication: An API for accessing Public Key Credentials Level 1] defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users. | ||
# [https://github.com/martinpaljak/x509-webauth/wiki/WebAuth WebAuth] an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context. | # [https://github.com/martinpaljak/x509-webauth/wiki/WebAuth WebAuth] an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context. | ||
+ | |||
+ | [[Category:Glossary]] | ||
+ | [[Category:Authentication]] |
Revision as of 12:37, 2 July 2018
Full Name and Scope
Originally known as Two-factor Authentication, this concept covers a wide range of technologies designed primarily for strong assurance as to the either the real-world identity, or at least a persistent identity, for purposes of establishing the authorization from an individual to a online resource of some type.
References
- W3C Credential Management Level 1 describes an imperative API enabling a website to request a user’s credentials from a user agent, and to help the user agent correctly store user credentials for future use.
- U2F
- Web Authentication: An API for accessing Public Key Credentials Level 1 defines an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.
- WebAuth an effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context.