Roadmap Preview: 1x Password w/ Mobile Phone

At the end of last week, I did a write-up on how we are extending OpenSSO to include Service-Level Monitoring. Today I'd like to talk about 1x Password capabilities that we are adding to OpenSSO.

One time passwords are used when an organization wants a higher level of authentication for users trying to access a web application. That is, they want to require a second way to authenticate users, such as a physical token card, besides simply entering a user name and password. This is commonly seen in the financial services sector when trying to access bank accounts or when accessing a corporate intranet remotely.

The challenge with physical token cards is that they tend to be expensive to purchase and disseminate. As an alternative, we are in the process of adding capabilities to OpenSSO that allows a user to obtain a 1x password via your mobile phone (i.e. - using SMS text messages). This is not a replacement for traditional multi-factor authentication solutions, but rather a lightweight alternative for those that don't want to buy a robust offering to complement their web access management solution. The key benefit of this solution is that organizations will be able to lower operational expenses by allowing consumers to use their cell phones as a physical token device rather than buying a separate piece of hardware.

Above is a video of what we are building. The solution uses Open Authentication (OATH) to do standards-based strong authentication. It's still rough, but this will give you a taste of what we are building.

Comments:

Man, I love that OAuth. I hope we can get more people using it so I can stop typing in all my Web 2.0 username/password into fly-by-nite services.

Posted by Cote' on February 03, 2009 at 08:38 AM PST #

Nice job Daniel!

Posted by Nick Crown on February 06, 2009 at 10:00 PM PST #

[Trackback] A stupendous new capability in development. Watch a video demo.

Posted by Marina Sum's Blog on February 11, 2009 at 01:56 AM PST #

pure gold.

Posted by horto on February 12, 2009 at 12:48 AM PST #

Could this be adapted for password resets? A real cost issue in our organisation?

Posted by John Gillespie on August 05, 2009 at 06:43 PM PDT #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Read my extraordinary thoughts about the world of identity and access management. As an identity child prodigy, I have much to say about these subjects.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today