Security company hopes interoperability will spur strong authentication
- By William Jackson
- Feb 25, 2004
SAN FRANCISCO - VeriSign Inc. is seeking industry support for a reference architecture based primarily on existing standards that would make authentication schemes interoperable across networks and vendor platforms.
The Open Authentication Reference Architecture, or OATH, was announced at the RSA Security Conference this week with a roster of companies already interested in adopting the scheme.
"As we've seen with personal computers, networking and other advances, ubiquitous adoption of any technology accelerates with a shift from proprietary to open architecture," said Stratton Sclavos, chief executive officer of the Mountain View, Calif., company.
Sclavos hopes that wide acceptance of OATH will make use of strong, two-factor authentication simpler and more widespread, increasing both security and, presumably, VeriSign sales. VeriSign is a vendor of digital certificates and managed PKI services.
Strong authentication uses some form of user ID with a hardware or software token to verify the identity of a user logging onto a network or accessing applications or data, and establish the user's authority to use those services.
There are a number of protocols and technologies that allow this, such as Lightweight Directory Access Protocol and Remote Authentication Dial-In User Service. But current strong authentication schemes are complex and usually not interoperable with schemes from other vendors, making strong authentication expensive and creating stovepipe applications.
With OATH, VeriSign hopes to ensure that secure credentials can be provided and verified by multiple hardware and software platforms. The reference architecture will build on existing standards, and participating companies intend to develop new specifications for missing standards for credential provisioning and a one-time password algorithm.
"With OATH, device manufacturers, software vendors and service providers will be able to integrate these open interfaces within their products to create interoperable solutions," VeriSign said in announcing the initiative.
Companies initially supporting OATH include ActivCard Inc. of Fremont, Calif.; Aladdin Systems Inc. of Watsonville, Calif.; Axalto, a division of Schlumberger Ltd. of New York; BEA Systems Inc. of Sunnyvale, Calif.; Gemplus Card International Corp. of Gaithersburg, Md.; IBM Corp., and Rainbow Technologies Inc. of Irvine, Calif.
More information on OATH is available at www.openauthentication.org
William Jackson is a Maryland-based freelance writer.