1 / 5

Authentication System: build it to be this way and to do these things…

Authentication System: build it to be this way and to do these things…. Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University. NMI Tutorial February, 2004.

medge-moore
Download Presentation

Authentication System: build it to be this way and to do these things…

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication System: build it to be this way and to do these things… Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University NMI TutorialFebruary, 2004

  2. Open sourced and/standards compliant - we have too many different operating systems to get locked into a proprietary solution • Well-supported (see above) • High availability/reliability • Scaleable to >150,000 principles • Not burdensome supporting <5000 principles • Multi-factor: plug-in locally-determined methods • Logging -- minimally, the date, time, source IP, username’; remote logging (e.g., to loghost) • No password passing; or at least strong encryption of the password in transit • Passwords not stored at all, or at least stored one-way encrypted

  3. Facility for users to change their own passwords; forces various formatting requirements • Facility for users to change their own passwords, if they don’t know the old password • Opportunity to configure with password expiry, history, and intruder lockout • Authentication protocol should an open standard • Facility for managing users, passwords, and associated metadata, both by people and by other systems • Authentication should be two-way: ClientService, ServiceClient

  4. Support separate authentication zones, with configurable trust relationships • Both the authentication and management services should provide clear APIs

  5. Authentication System: build it to be this way and to do these things… Mark S. Bruhn, CISSP, CISM Chief IT Security and Policy Officer Office of the Vice President for Information Technology and CIO Indiana University NMI TutorialFebruary, 2004

More Related