Initiative for Open AuTHentication (OATH) will present its version 2.0 Reference Architecture at RSA Conference 2008
WASHINGTON CROSSING, Pa. & SAN FRANCISCO--OATH, the Initiative for Open AuTHentication, today announced that the organization has submitted a new draft specification for generating time-based OTP (one time passwords) to the IETF (Internet Engineering Task Force) as part of OATH’s 2008 technology roadmap. The organization made the announcement at the RSA Conference 2008 in San Francisco, the data security industry’s largest tradeshow. At RSA, two of the group’s leaders, Siddharth Bajaj of VeriSign and Stu Vaeth of Diversinet, will present the Organization’s revised Reference Architecture, version 2.0.
The TOTP draft was developed through the collaboration of several OATH members in order to create an industry-backed standard. It complements the event-based one-time standard (HOTP RFC 4226), and offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines.
In addition, OATH also submitted the final version of the OCRA (OATH Challenge-Response Algorithms) specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.
“This year’s RSA Conference marks OATH’s fourth year of existence and we continue to mark our anniversary with the delivery of two major pieces from our technology roadmap,” said Bajaj, Chair for OATH’s Joint Coordinating Committee. “The TOTP draft fills an important gap in the available open authentication standards today and is in line with the OATH philosophy of enabling the broadest choice of open authentication technologies.”
Another important milestone is the Thraud specification, being in last call at the IETF. Thraud is the data format for sharing transaction fraud information.
According to Dr. David M'Raihi, co-chair of OATH's Technical Focus Group, TOTP, OCRA, and Thraud are all key ingredients of OATH’s open framework for authentication. “All technology standards proposed by OATH are completely open and can be implemented royalty-free by any security vendor, and OATH believes these new standards will significantly increase adoption and innovation of authentication products and technologies,” added Dr. M’Raihi. “Open standards-based technologies will also enable organizations to source authentication hardware and validation systems from a number of vendors, in a best-of-breed deployment.”
OATH members have been working on the TOTP draft since last September. The OCRA and Thraud specifications have been underway since 2006. Contributors to these drafts include: ActivIdentity, Diversinet, Entrust, Grandcolas Consulting, Portwise, and VeriSign with valuable inputs from Cryptomathic and Gemalto.
OATH at the RSA Conference 2008
The OATH Reference Architecture version 2.0 provides a strong foundation for OATH member companies for a comprehensive open and industry-endorsed technology solution for strong authentication. It includes a new technical roadmap and two key new concepts that will help in wider adoption and expansion of strong authentication technology.
The updated Reference Architecture promotes a vision of risk-based strong authentication where a risk level is assessed for each transaction and the appropriate level of strong authentication is used. It also presents several models for the sharing of strong authentication credentials across organizations and networks. This includes leveraging existing federated identity and emerging user-centric identity technologies such as OpenID and CardSpace. Bajaj and Vaeth will present on the new OATH Reference Architecture on Thursday, April 10, 10:40 a.m. (Session AUTH-303).
Conference attendees can view OATH technology in action at the OATH Pavilion (Booth #1951) at the RSA Conference 2008. The following companies will be showcasing their technologies: Aladdin, Diversinet, Identita, Innovative Card Technologies, Portwise, Vasco and VeriSign.
The OATH Reference Architecture version 2.0 and all draft specifications and standards are available on the OATH website at: http://www.openauthentication.org/specifications.
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry’s leading collaboration of device, platform and application companies, and end user customers of authentication technologies. OATH participants foster use of strong authentication across networks, devices and applications. OATH participants work collectively to facilitate standards and build a reference architecture for open authentication while evangelizing the benefits of strong interoperable authentication in a networked world. As OATH grows, the organization actively incorporates feedback and technology contributions from end-user participants who share a common vision for open authentication technology and the products that provide this important measure of security.
OATH is dedicated to assisting customers with the reduction of cost and complexity of deploying strong authentication within enterprises and across the Internet. Since its formation in 2004, OATH’s membership includes security industry leaders from token manufacturers, platform vendors, smartcard providers, and security services companies. End user companies join OATH to add their voice and ideas towards the goal of open authentication.
To join OATH and to see a list of its current membership, go to: http://www.openauthentication.org/membership.asp. To learn more about OATH, e-mail i...@openauthentication.org or visit http://www.openauthentication.org. Visit OATH at the RSA Conference in Booth #1951.