Difference between revisions of "Progressive Authentication"

From MgmtWiki
Jump to: navigation, search
(Context)
(Context)
Line 8: Line 8:
 
An anti-use case was discovered when the NSA funded the Blacker
 
An anti-use case was discovered when the NSA funded the Blacker
  
When mobile device became common it was early realized that the blacker solution was not feasible and progressive authentication was proposed<ref>Oriana Riva +3 ''Progressive authentication: deciding when to authenticate on mobile phones'' Published in: Proceedings Security'12 Proceedings of the 21st USENIX conference on Security symposium Pages 15-15 Bellevue, WA August 08 - 10, 2012, http://feihu.eng.ua.edu/NSF_CPS/year1/SP_paper1.pdf</ref> for mobile devices and later specifically for Android devices.<ref>Jeffrey Warren, +3, ''Progressive Authentication on Android'' https://css.csail.mit.edu/6.858/2013/projects/jtwarren-vkgdaddy-vedha-vvelaga.pdf</ref>
+
When mobile device became common it was early realized that the blacker solution was not feasible and progressive authentication was proposed<ref>Oriana Riva +3 ''Progressive authentication: deciding when to authenticate on mobile phones'' Published in: Proceedings Security'12 Proceedings of the 21st USENIX conference on Security symposium Pages 15-15 Bellevue, WA August 08 - 10, 2012, http://feihu.eng.ua.edu/NSF_CPS/year1/SP_paper1.pdf</ref> for mobile y devices and later specifically for Android devices.<ref>Jeffrey Warren, +3, ''Progressive Authentication on Android'' https://css.csail.mit.edu/6.858/2013/projects/jtwarren-vkgdaddy-vedha-vvelaga.pdf</ref>
 +
 
 +
An alternative definition of progressive authentication is a suite of authentication tests which can be selected to be run at a single time with a trust vector that can be tested by the authorization service.
  
 
==Problems==
 
==Problems==

Revision as of 20:21, 14 June 2018

Full Definition or Meme

When the exact nature of the user request is unknown, it is best to authentication in the least obtrusive manner, which is typically not at the highest level they might need later in the interchange.

Context

Then general use case[1] is where trust elevation must occur during the

An anti-use case was discovered when the NSA funded the Blacker

When mobile device became common it was early realized that the blacker solution was not feasible and progressive authentication was proposed[2] for mobile y devices and later specifically for Android devices.[3]

An alternative definition of progressive authentication is a suite of authentication tests which can be selected to be run at a single time with a trust vector that can be tested by the authorization service.

Problems

Solutions

References

  1. Tom Jones Trust Elevation Use Case https://wiki.idesg.org/wiki/index.php?title=Trust_Elevation_Use_Case
  2. Oriana Riva +3 Progressive authentication: deciding when to authenticate on mobile phones Published in: Proceedings Security'12 Proceedings of the 21st USENIX conference on Security symposium Pages 15-15 Bellevue, WA August 08 - 10, 2012, http://feihu.eng.ua.edu/NSF_CPS/year1/SP_paper1.pdf
  3. Jeffrey Warren, +3, Progressive Authentication on Android https://css.csail.mit.edu/6.858/2013/projects/jtwarren-vkgdaddy-vedha-vvelaga.pdf