Research Article
Levels of Authentication Assurance: an Investigation
@INPROCEEDINGS{10.1109/IAS.2007.88, author={Aleksandra Nenadic and Ning Zhang and Lix Yao and Terry Morrow}, title={Levels of Authentication Assurance: an Investigation}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Access control Authentication Authorization Computer science Computer science education Computer security Helium Information security Information systems Protection}, doi={10.1109/IAS.2007.88} }- Aleksandra Nenadic
Ning Zhang
Lix Yao
Terry Morrow
Year: 2007
Levels of Authentication Assurance: an Investigation
IAS
IEEE
DOI: 10.1109/IAS.2007.88
Abstract
The ES-LoA project, funded by the UK Joint Information Systems Committee (JISC) under its e- Infrastructure Security Programme, investigates current and future needs among UK research and education community for a more fine-grained authorisation scheme that would allow service providers to take into account of the levels of confidence in identifying a remote entity requesting for service access. Such a fine-grained authorisation scheme is attractive to service providers offering resources with varying levels of sensitivity and/or wishing to tailor their security protections based upon risk levels. Service providers may wish to restrict access to more sensitive resources only to those who have gone through a more stringent authentication process, or given the same remote entity, require the use of a stronger authentication token should the access request come from a more risky environment. In this way, the quality of an authentication instance, expressed as an authentication Level of Assurance (LoA), becomes one of the parameters used in access control decision making. This paper investigates the current worldwide efforts in defining LoA and identifies gaps in existing definitions when they are applied to a federated environment.
