50 likes | 59 Views
This tutorial explains the features and requirements of an authentication system that is open sourced, standards compliant, scalable, and reliable. It emphasizes the need for multi-factor authentication, secure password management, and configurable trust relationships.
E N D
Authentication System: build it to be this way and to do these things… Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University NMI TutorialFebruary, 2004
Open sourced and/standards compliant - we have too many different operating systems to get locked into a proprietary solution • Well-supported (see above) • High availability/reliability • Scaleable to >150,000 principles • Not burdensome supporting <5000 principles • Multi-factor: plug-in locally-determined methods • Logging -- minimally, the date, time, source IP, username’; remote logging (e.g., to loghost) • No password passing; or at least strong encryption of the password in transit • Passwords not stored at all, or at least stored one-way encrypted
Facility for users to change their own passwords; forces various formatting requirements • Facility for users to change their own passwords, if they don’t know the old password • Opportunity to configure with password expiry, history, and intruder lockout • Authentication protocol should an open standard • Facility for managing users, passwords, and associated metadata, both by people and by other systems • Authentication should be two-way: ClientService, ServiceClient
Support separate authentication zones, with configurable trust relationships • Both the authentication and management services should provide clear APIs
Authentication System: build it to be this way and to do these things… Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University NMI TutorialFebruary, 2004