Today’s authentication requirements go way beyond hooking into a database or directory and challenging every user and service for an Id and password. Authentication and the login experience, is the application entry point and can make or break your security posture and end user experience.
Authentication is typically associated with identifying, to a certain degree of assurance, who or what you are interacting with. Authorization is typically identifying and allowing what that person or thing can do. This blog is focused on the former, but I might stray in to the latter from time to time.
There are numerous use cases that a modern enterprise needs to fulfil, if authentication services are to deliver value. These can include:
- Authentication for a service or API
- Device authentication
- Metrics, timing and analytics of flows
- Threat intelligence integration
- Anonymous to known authentication profiling
- Contextual analysis
- Simple customisation
- Being highly available
- Stateless and elastic
- Simple integrations
- API first
Non Identity Intelligence
- New go to markets requiring localization
- A new product that requires new API’s and apps
- A merger resulting in differing regulatory compliance requirements
- New attack patterns and vector discovery
- Competitive innovations
- Commodity innovations
Platform versus Product
This blog post was first published @ www.infosecprofessional.com, included here with permission.