Upcoming Events

A Network Computing Webcast:
SSDs and New Storage Options in the Data Center

March 13, 2013
11:00 AM PT / 2:00 PM ET

Solid state is showing up at every level of the storage stack -- as a memory cache, an auxiliary storage tier for hot data that's automatically shuttled between flash and mechanical disk, even as dedicated primary storage, so-called Tier 0. But if funds are limited, where should you use solid state to get the best bang for the buck? In this Network Computing webcast, we'll discuss various deployment options.

Register Now!


Interop Las Vegas 2013
May 6-10, 2013
Mandalay Bay Conference Center
Las Vegas

Attend Interop Las Vegas 2013 and get access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest tech.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

OATH: One Token To Rule Them All

Posted by Avi Baumstein
February 09, 2008

We've long known that multifactor authentication provides stronger security over simple passwords, but a limited number of options, cost, interoperability issues, and the dread that IT pros feel at the idea of issuing users multiple tokens have put a damper on deployment. With its recently released Reference Architecture 2.0, the Initiative for Open Authentication, or OATH, hopes to allay these misgivings with an open standard to bring strong authentication to applications and services.

The operative word here is "standard." Systems based on OATH's architecture allow for interoperability among user tokens and a variety of services requiring authentication. The ultimate goal: a single token compatible with any number of services from different providers. This is a fantastic idea, but it's currently possible only in a limited way. Because the current token implementation is event-triggered, if a token is used with unconnected services, the event count for those services will not match the state of the token, causing authentication to fail. The only way to make the system work is for all services to use the same validation back end, thereby keeping token state consistent. One such service is VeriSign's Verified Identity Protection, or VIP. Charles Schwab and eBay are two high-profile users; customers need only a single token to authenticate to these and other VIP-managed online services.

THE LOWDOWN

THE PROMISE
A standard for interoperable, strong authentication focusing initially on one-time passwords, with the goal to make secure authentication less expensive and ultimately pervasive.
THE PLAYERS
Most industry notables--AOL, Entrust, IBM, and VeriSign--and many lesser-known authentication specialists. Conspicuously absent is market leader EMC/RSA, which favors its proprietary SecurID.
THE PROSPECTS
Online service providers, especially financial services firms, are eager to beef up security in light of federal guidelines that encourage use of two-factor authentication. A standards-based approach that lowers costs and speeds implementation is attractive, and OATH seems to fit the bill. But the big question is whether tokens can really solve the problem of online fraud.

For every open standard there are proprietary alternatives, and strong authentication is no exception. While RSA has been the closed-system market leader for quite a while, the multifactor authentication space is getting crowded. Entries include WiKID, which uses a mobile phone-based software token, and PhoneFactor, which sends an authentication code to users' phones. Still, this is one area where the open alternative has a real shot. OATH's membership list is large and varied. Besides VeriSign, the latest spec is integrated into products from AOL, BMC, Citrix, Entrust, Hewlett-Packard, IBM/Tivoli, Imprivata, SanDisk, and many more.

A BETTER WAY


Page:  1 | 23  | Next Page »


Related Reading

News

Commentary

Most Popular

On the Web

More Insights

White Papers

More >>

Webcasts

More >>

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 
IaaS Providers
Cloud Computing Comparison
With 17 top vendors and features matrixes covering more than 60 decision points, this is your one-stop shop for an IaaS shortlist.
IaaS Providers

Research and Reports

The Virtual Network
February 2013
Network Computing: February 2013

Video


WATCH: Bob Metcalfe Plans Ethernet's 40th

WATCH: CES 2013: It's A Wrap!

WATCH: Intel shows off eye tracking and gesture tech


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Upcoming Events

Featured Whitepapers

 
 
What's this?
More >>


Featured Reports

 
 
What's this?
More >>


BlogRoll

TechWeb Careers