Alvin Claxton
Grantham University
Abstract
The need for stronger authentication methods online has never been greater than at present. Many services provide security and authentication online or verify who the end user is. With the rise of identity theft and other cyber crimes, stronger authentication is greatly needed. This written assignment will define, describe and explain OATH (Open Authentication) as a preferred choice of authentication method and the benefits of OATH.
Strong authentication on the World Wide Web is an ongoing process that requires advanced software and technology to identify an end user and make sure they are who they say they are. The alarming and escalating reports of online identity theft have all end users worried about their PII online and have sparked the industry to put in place stronger and more comprehensive online security measures.
After researching both user authentication framework processes, I have decided in favor of OATH (Open Authentication). OATH is used more widely by industries than SAML and has some features and benefits that are not available with SAML. SAML tends to be more organizational and serves large groups rather than smaller or more independent infrastructures. OATH provides stronger authentication, offers more hardware choices, has the lowest cost of ownership, supports many mobile devices and is designed to integrate with existing platforms and infrastructures.
OATH is being used and endorsed by companies like IBM, Axalto, Gemplus and VeriSign, which is a major leader in online webpage security. It delivers strong authentication to build open communities where end users and all devices are strongly authenticated, while providing for interoperability and the possibility of federated identities. OATH is dedicated to providing low-cost, multi-function authentication devices such as smart/cell phones, PDAs and tablets. Users are always concerned about the security level on these portable devices. OATH will use soft tokens and smart cards as well as OTP-, SIM- and PKI-based authentication methods.
OATH has shown its importance in the industry by proposing a model of Open Strong Authentication based primarily on existing standards that ensure secure credentials can be provisioned and verified by disparate software and hardware platforms. It will help drive strong authentication deep into network infrastructures, making deployment of strong authentication possible for large user populations in a variety of scenarios.
OATH is the only collaborative industry effort focused on expanding market opportunities with stakeholders, manufacturers, software vendors and service providers. Currently a user ID and password are the predominant and most frequently used method of authentication. This method is highly prone to cyber hacking, and there is always a risk of someone stealing your information when it is used. Online identities secured only by passwords can be exploited, resulting in identity theft or compromised systems. Existing two-factor authentication approaches, while more effective, are often expensive and complex, and their lack of interoperability poses significant barriers to adoption. OATH reduces cost and is much easier to adopt.
With the use of OATH authentication methods, we can and will reduce the chances of the bad guys obtaining our personal information. An average person has more than ten passwords, which are fairly easy for hackers to figure out with time and patience and the complacency of users and keystrokes. The overall fundamental security mechanisms to protect personal information online are fairly unsophisticated. OATH has implemented an industry-wide collaborative effort to promote Open Strong Authentication that will remove barriers and broaden more aspects of online security to include communication, collaboration, and conducting business.
References
OATH-initiative for open authentication. (2012). Retrieved from http://openauthentication.org/
SecuTech joins open authentication initiative oath. (2012). Retrieved from http://www.esecutech.com/news_display/secutech-joins-open-authentication-initiative-oath.html
OATH authentication security token. (n.d.). Retrieved from http://www.solidpass.com/authentication-methods/oath-authentication.html