Posts Tagged ‘auth context’

MSISDN, password or client certificate – it’s your choice

Saturday, August 16th, 2008

SSOCircle has now added MSISDN authentication support, so you can choose among three authentication methods. Read the new authentication context study that describes use cases for these methods. MSISDN is an authentication method based on a trust relationship with your mobile provider. If you access the internet from your mobile, the device uses the provider’s WAP gateway (simple devices default to WAP, others may use it optionally). Some WAP gateways insert an HTTP header for identification: the MSISDN number. SSOCircle uses this number to identify and authenticate you. To use MSISDN authentication, the following prerequisites must be met:

  • The WAP gateway must insert an MSISDN number
  • The WAP gateway must be trusted by SSOCircle
  • You need to link the MSISDN number to your account
  • You access SSOCircle from a mobile device through a WAP gateway

Please check whether you meet the first two criteria by accessing the MSISDN check page. The third step can be done through the SSOCircle self-administration.
Another part of the new authentication context study describes how to leverage authentication context to protect highly sensitive user data by requiring a session upgrade to a strong authentication context.

Service Provider controlled Security Levels

Sunday, June 8th, 2008

SSOCircle and IDPee now support different SAML2 authentication contexts. The SP is now able to require that a user is authenticated at a specified security strength. SSOCircle determines the current authentication level and, if necessary, asks the user to reauthenticate at the stronger security level.
Think of three different types of use cases. The first is a simple bookmarking application that is accessed from a mobile device. For convenience you might decide to use simple automatic MSISDN user recognition at SSOCircle. But if you then access your email at Google Apps, you would definitely like better protection for your emails. SSOCircle now enforces username/password authentication and upgrades your existing session. Now suppose you want to view your company's sales report application. In this case username/password might not be enough. The application may require that you are authenticated by an X.509 client certificate issued to your smart card token.
Read our technical description for a detailed explanation of how all this works, what you have to do to leverage authentication context levels, and which levels SSOCircle and IDPee support. Have a look at our secure lightbulb example, which extends the previous lightbulb application into a demonstration of how an application might enforce stronger authentication.
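The session-upgrade decision described above, sketched as an added example that is not SSOCircle's or IDPee's code. The SAML2 class URIs are standard, but the mapping of MSISDN, password and certificate to those classes and to levels 1 to 3 is an assumption, as are the function names and the constructed sample request.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
# Assumed ranking of the three methods the post names (not SSOCircle's table).
LEVELS = {
    AC + "MobileOneFactorUnregistered": 1,  # MSISDN recognition (assumed class)
    AC + "PasswordProtectedTransport": 2,   # username/password
    AC + "X509": 3,                         # X.509 client certificate
}

def requested_context(xml_text):
    """Return (comparison, class refs) from an AuthnRequest.
    Signature checks and hardened XML parsing are out of scope here."""
    rac = ET.fromstring(xml_text).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return "exact", []
    refs = [(e.text or "").strip()
            for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return rac.get("Comparison", "exact"), refs  # SAML2 default is "exact"

def satisfies(session_class, comparison, refs):
    """Does the context of the existing session meet what the SP asked for?"""
    if not refs:
        return True
    if comparison == "exact":
        return session_class in refs
    have = LEVELS.get(session_class, 0)
    want = [LEVELS[r] for r in refs if r in LEVELS]
    if not want:
        return False  # only unknown classes requested: fail closed
    if comparison == "minimum":
        return have >= min(want)
    if comparison == "better":
        return have > max(want)  # read here as stronger than all listed
    return comparison == "maximum" and have <= max(want)

def decide(session_class, xml_text):
    """'reuse-session' if the current login is strong enough, else upgrade."""
    comparison, refs = requested_context(xml_text)
    if session_class and satisfies(session_class, comparison, refs):
        return "reuse-session"
    return "reauthenticate"

def sample_request(class_name, comparison="minimum"):
    """Constructed AuthnRequest, trimmed to the element this example reads."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f'<samlp:RequestedAuthnContext Comparison="{comparison}">'
            f'<saml:AuthnContextClassRef>{AC}{class_name}</saml:AuthnContextClassRef>'
            f'</samlp:RequestedAuthnContext></samlp:AuthnRequest>')
```

Unknown or unranked classes fail closed, so a session the IdP cannot rank never satisfies a `minimum` or `better` request.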