OATH Celebrates Three Years of Technical Achievements for Developing
Strong, Industry-Backed Solutions to Open Authentication at the OATH
Pavilion, Booth #1724
WASHINGTON CROSSING, Pa. and SAN FRANCISCO, Feb. 6 /PRNewswire/ --
OATH, the initiative for Open AuTHentication and a leading proponent of
industry- backed standards for royalty-free open authentication, used the
RSA Conference 2007 to announce the organization's 2007 technology roadmap
and goals for achieving industry-backed standards for open authentication.
The organization is also hosting 12 members at the OATH Pavilion Booth 1724
at the Moscone Center in San Francisco the week of February 5, 2007.
OATH, marking its third anniversary at the RSA Conference 2007, has a
strong track record of technology achievements that have furthered industry
efforts toward open authentication standards.
"In 2006, OATH made significant progress working on some of the core
authentication standards, such as HOTP and OCRA, as well as standards for
credential lifecycle, like PSKC, DSKPP," said Siddharth Bajaj, Joint
Coordination Committee Chairman of OATH. "With this groundwork completed,
OATH's 2007 focus will be Application Integration and Adoption. This year,
we will work on items that enable better integration on both client-side
and server-side."
"Standing as the driving force towards open authentication standards,
OATH continues its momentum through several key building blocks slated for
2007," said John Gunn, General Manager for Aladdin North America, an OATH
member. "Taking an all-encompassing approach to safeguarding electronic
commerce and networked operations, OATH's numerous 2007 goals are highly
notable, as they build on its many achievements and focus on standards that
encourage streamlined implementation and adoption of strong authentication
technologies. Aladdin is pleased to stand beside OATH member companies
working closely to ensure OATH's fast-paced progress."
OATH's client side focus is on work items that enable seamless
integration of both authentication methods as well as authentication tokens
into clients, browsers, CardSpace, and other target markets. The group's
server side will focus on standardized interfaces that enable applications
to support the validation of OATH credentials.
Bajaj added, "Additionally, to increase adoption of OATH technologies,
OATH also plans to initiate an open source initiative. This will provide
key building blocks that will accelerate the development and deployment
cycles for strong authentication technologies."
Some of the theme elements that the organization has targeted for 2007
include:
-- Key Provisioning -- OATH in collaboration with RSA and members of the
IETF initiated the formation of a new IETF work group, "KeyProv",
focusing on the development of a standard end user provisioning
protocol for symmetric keys used for authentication. The KeyProv WG was
formally approved by the IETF in January and will convene at the March
IETF meetings in Prague.
-- OATH Challenge-Response Algorithm (OCRA) - This work item adds support
for challenge response based authentications and short digital
signatures, based on the existing HOTP algorithm (RFC 4226).
-- OATH Identifier Namespace -- To improve interoperability and token
sharing across different vendors' authentication solutions, OATH is
proposing a standard format for credential identifiers based on IEEE
EUI-64 standard to be used in authentication systems.
-- Transaction Fraud Reporting-- In response to growing industry interest
in fraud data reporting and sharing, OATH is introducing a data format
to facilitate interoperability and exchange of transaction-related
fraud data. The specification support both inbound (Thraud Reports) and
outbound (Thraud Watchlists) mechanisms.
-- OATH HOTP variant (time-based) -- This work item will extend the HOTP
algorithm and offer a standard for time-based one time passwords. The
current HOTP is an event-based one time password algorithm.
-- OATH Web Services Validation Protocol -- This work item will create a
standard web-services based protocol that will enable application to
send validation requests for OATH credentials including HOTP, OCRA and
in the future time-based OTPs.
-- CardSpace support for OATH standards -- This work item will create a
requirements document that will capture feature requests for support of
OATH authentication technologies (HOTP, OCRA, time-based HOTP) in
addition to the four authentication mechanisms (Username/Password,
Kerberos, Smart Card, and self-issued) that are supported in CardSpace
today. OATH intends to submit this document to Microsoft later this
year.
-- OATH Platform-independent OTP retrieval API -- This API will enable
applications on different software platforms (Windows, Linux/Unix,
Windows Mobile, and others) to retrieve OTP values from a variety of
connected tokens. The tokens may be implemented in software, on-board
hardware (TPM), or via removable hardware (USB tokens, smart cards, SIM
cards and more).
-- OATH HTML Tags -- This work item will enable seamless integration of
OATH authentication technologies in web applications. Standardized HTML
tags will serve as triggers for web browser plug-ins and in the future
browsers to automatically interact with OATH-enabled tokens on the one
side and web applications on the other side - supporting use cases for
provisioning and retrieval of OATH credentials such as OTPs.
-- OATH Risk-based Authentication -- Risk-based authentication usually
refers to the selection of authentication schemes based on the measured
risk associated with the particular session and requested transaction.
OATH is currently analyzing the federation of these techniques into a
Web Access Management (WAM) layer. The WAM would perform the
orchestration of the separate service invocations, effectively
transferring the burden of risk analysis and authentication method
selection, from the application writers to the WAM developers.
About the Initiative for Open AuTHentication
The Initiative for Open AuTHentication (OATH) is the industry's leading
collaboration of device, platform and application companies, and end user
customers of authentication technologies. OATH participants hope to foster
use of strong authentication across networks, devices and applications.
OATH participants work collectively to facilitate standards and build
reference architecture for open authentication while evangelizing the
benefits of strong interoperable authentication in a networked world. As
OATH grows, the organization is actively seeking feedback and technology
contributions from end-user participants who share a common vision for open
authentication technology and the products that provide this important
measure of security.
OATH is dedicated to helping customers reduce the cost and complexity
of deploying strong authentication within enterprises, and across the
Internet. Since its formation, OATH's membership includes security industry
leaders from token manufacturers, platform vendors, smartcard providers,
and security services companies. End-user companies are joining OATH to add
their voice and ideas to the goal of open authentication.
To join OATH and to see a list of its current membership, go to:
http://www.openauthentication.org/membership.asp. Access the enrollment
form by visiting: http://www.openauthentication.org/membership_form.asp.
OATH technical documents including internet-draft specifications can be
located at: http://www.openauthentication.org/resources.asp. To learn more
about OATH, e-mail info@openauthentication.org or visit
http://www.openauthentication.org.
Contact: Dan Chmielewski
Madison Alexander PR, Inc.
714-832-8716
dchm@madisonalexanderpr.com
or Joann Killeen
Madison Alexander PR, Inc.
310-476-6941
joannk@madisonalexanderpr.com
SOURCE OATH
 back to top
Related links:
http://www.openauthentication.org
CONTACT:
Dan Chmielewski, Madison Alexander PR, Inc.,
+1-714-832-8716, or dchm@madisonalexanderpr.com, or Joann
Killeen, Madison Alexander PR, Inc., +1-310-476-6941, or
joannk@madisonalexanderpr.com, both for OATH
|
