VeriSign is to create an open standards architecture for
strong authentication across the internet.
The initiative, called the Open Authentication Reference
Architecture (Oath), is intended to replace the patchwork of
proprietary products for user authentication and provisioning
already used on the internet, allowing users to access services on
corporate networks and the web seamlessly.
Strong authentication is a term that describes multifactor
authentication, usually combining a physical item such as an access
card or token with a secret password for users to access network
resources.
The architecture will be 90% based on open standards such as
LDAP (Lightweight Directory Access Protocol) and Radius (Remote
Authentication Dial-In User Service).
The effort will also rely on co-operation from leading software
and hardware makers, said Mark Griffiths, vice-president of
authentication at VeriSign.
A universal authentication service launched by VeriSign as part
of the Oath architecture will use VeriSign's Atlas (Advanced
Transaction Look-up and Signaling) directory and database
technology to provide an internet-wide authentication network
service.
Atlas was developed by VeriSign and runs on the company's DNS
(domain name system) servers, where it matches requests for web
pages with the internet protocol addresses of the host web servers.
Using Oath, organisations can use VeriSign's Atlas service for
user authentication on the public internet. Authentication is
usually performed by systems running within the enterprise,
Griffiths said.
Oath will solve a number of problems hampering the growth of
internet commerce and new services, he added.
Problems such as online identity theft, the proliferation of
insecure and unwieldy user passwords and the high cost of
implementation for strong authentication technology could all be
resolved with an internet-wide authentication service such as
Oath.
"The internet needs a strong security architecture to reach the
next level. We're at a point where we believe that, as an industry,
we can create a tipping point. This is an opportunity for people to
change the Internet," he said.
Hardware and software companies from mobile phone manufacturers
to identity management software makers will be able to integrate
with the Oath architecture. That will encourage those companies to
build open strong authentication features into their products
without worrying that doing so will make it impossible for them to
work with other platforms and applications.
VeriSign is working with portable device manufacturers to build
open authentication tokens into their products.
In the future, users will be able to log on to a variety of
services, including e-mail, web-based e-commerce sites and
telecommunications services, using a common password and
authentication token embedded in a portable USB device, smart
card, mobile phone or PDA.
Other suppliers also signalled support for the service at RSA,
including user authentication software maker ActivCard and smart
card company Gemplus.
Version 1.0 of the Oath service will be launched later this
year, and will work with Microsoft's Active Directory services and
support hardware and software credentials such as PKI (public key
infrastructure) and OTP (One Time Password authentication).
Another release will support other platforms and LDAP-compliant
directory services, including those by IBM and Sun
Microsystems.
Paul Roberts writes for IDG News Service