Initiative for Open AuTHentication (OATH)'s New v2.0 Reference Architecture Forms Basis for Industry Backed Standards for Open Authentication
WASHINGTON CROSSING, PA, Sept 19, 2007 – OATH, the initiative for Open AuTHentication, today announced that the organization delivered a major update to the OATH Reference Architecture with the release of version 2.0 that builds upon the strong foundation of the original Reference Architecture released in May 2005.
This significantly updated document reflects the current state-of-the-art of strong authentication technology and also sets the vision for the future. It provides a strong foundation for OATH member companies and their customers towards a comprehensive open and industry-endorsed technology solution for strong authentication. The document also sets a high-level technical roadmap for OATH members, by helping identify key gaps and develop industry-wide standards to address them.
The Reference Architecture includes two key new concepts that will help in wider adoption and expansion of strong authentication technology. The updated Reference Architecture promotes a vision of risk-based strong authentication where a risk level is assessed for each transaction and the appropriate level of strong authentication is used. It also presents several models for the sharing of strong authentication credentials across organizations and networks. This includes leveraging existing federated identity and emerging user-centric identity technologies such as OpenID and CardSpace.
"The delivery of this new Reference Architecture document represents thousands of hours spent with OATH member companies as well as significant research into the successful implementation of OATH-derived technologies with our member's customer-sites. This has resulted in a much stronger reference architecture for developing industry-backed standards for open authentication," said Siddharth Bajaj, OATH Joint Coordination Committee (JCC) Chair and principal in the Innovation Group of VeriSign, Inc. "I am particularly pleased with how OATH member companies were generous with time provided for their key technology personnel to contribute to this Reference Architecture in a very meaningful way."
The document is a must-read for decision makers and technical architects from OATH member and non-member companies, IT managers and architects from organizations that are considering deploying strong authentication solutions, and other standards organizations that share all, or part, of the OATH vision. The goals for the OATH Reference Architecture v2.0 include:
- To establish an open Reference Architecture for strong authentication by leveraging existing open standards and leading standardization efforts in well-established technical standards bodies where existing standards are not available.
- To propagate device credentials, strong authentication algorithms and software to many network end-points, such as desktop computers, servers, switches, WiFi access points and set-top boxes.
- To propagate low-cost, multi-function authentication devices like tokens and smart cards.
- To transform today's mobile devices, such as mobile phones, PDAs and laptops, into strong authentication devices.
- To build upon well-established infrastructure components, such as directories and RADIUS servers.
- To facilitate native support for strong device and user authentication on application and identity management platforms.
- To enable sharing of strong authentication tokens and credentials across organizations and networks. To leverage emerging user-centric identity technologies and federated identity protocols as powerful propagation and sharing mechanisms for strong authentication.
- To promote a vision of risk-based strong authentication where the authentication level is adjusted commensurate with the perceived risk of each transaction. To enable better evaluation of risk across organizations by enabling sharing of fraud patterns and other related information.
- To increase the number of packaged applications (such as enterprise resource planning (ERP), material requirements planning (MRP) and customer relationship management (CRM) applications) that support strong authentication, by providing a standard interface for management and verification of strong authentication credentials.
- To enable best-of-breed solutions through interoperable components.
The OATH Reference Architecture v2.0 is jointly defined and published by key industry partners that share the vision of universal strong authentication. OATH member companies believe that by laying the groundwork for ubiquity, integration and interoperability, an open architecture can reduce the risk and complexity of deploying strong authentication products. Lowered risks and costs will drive adoption in enterprises, service providers and governments around the World. By making strong authentication for all users and all devices part of the network fabric, the entire user community will benefit. Increasing trust in the network end-points will make new types of secure interactions possible.
The updated version of the document includes five areas of focus including the new area of risk evaluation framework. These are - client framework, validation framework, risk evaluation framework, client provisioning and management framework, and common data model. The document identifies key gaps that exist today in each of these areas thereby setting the roadmap for the organization.
The Reference Architecture document is free and available to interested organizations at http://www.openauthentication.org/reg.asp.
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry's leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants hope to foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization is actively seeking feedback and technology contributions from end-user participants who share a common vision for open authentication technology and the products that provide this important measure of security.
OATH is dedicated to helping customers reduce the cost and complexity of deploying strong authentication within enterprises, and across the Internet. Since its formation three years ago, OATH's membership includes security industry leaders from token manufacturers, platform vendors, smartcard providers, and security services companies. End user companies are joining OATH to add their voice and ideas towards the goal of open authentication.
To join OATH and to see a list of its current membership, go to: http://www.openauthentication.org/membership.asp. To learn more about OATH, e-mail i...@openauthentication.org or visit http://www.openauthentication.org.