Levels of authentication assurance: An investigation

Aleksandra Nenadic; Zhang Ning; Yao Li; Terry Morrow

doi:10.1109/IAS.2007.88

Levels of authentication assurance: An investigation

Aleksandra Nenadic, Zhang Ning, Yao Li, Terry Morrow

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

Abstract

The ES-LoA project, funded by the UK Joint Information Systems Committee (JISC) under its eInfrastructure Security Programme, investigates current and future needs among UK research and education community for a more fine-grained authorisation scheme that would allow service providers to take into account of the levels of confidence in identifying a remote entity requesting for service access. Such a fine-grained authorisation scheme is attractive to service providers offering resources with varying levels of sensitivity and/or wishing to tailor their security protections based upon risk levels. Service providers may wish to restrict access to more sensitive resources only to those who have gone through a more stringent authentication process, or given the same remote entity, require the use of a stronger authentication token should the access request come from a more risky environment. In this way, the quality of an authentication instance, expressed as an authentication Level of Assurance (LoA), becomes one of the parameters used in access control decision making. This paper investigates the current worldwide efforts in defining LoA and identifies gaps in existing definitions when they are applied to a federated environment. © 2007 IEEE.

Original language	English
Title of host publication	Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security\|Proc. IAS Int. Symp. Inf. Assur. Secur.
Place of Publication	Washington, DC, USA
Publisher	IEEE Computer Society
Pages	155-158
Number of pages	3
ISBN (Print)	0769528767, 9780769528762
DOIs	https://doi.org/10.1109/IAS.2007.88
Publication status	Published - 2007
Event	3rd Internationl Symposium on Information Assurance and Security, IAS 2007 - Manchester Duration: 1 Jul 2007 → … http://dblp.uni-trier.de/db/conf/IEEEias/IEEEias2007.html#YangBZ07http://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07.xmlhttp://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07

Conference

Conference	3rd Internationl Symposium on Information Assurance and Security, IAS 2007
City	Manchester
Period	1/07/07 → …
Internet address	http://dblp.uni-trier.de/db/conf/IEEEias/IEEEias2007.html#YangBZ07http://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07.xmlhttp://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07

Access to Document

10.1109/IAS.2007.88

Cite this

@inproceedings{77da00b15406413fbed0f867d0932f3e,

title = "Levels of authentication assurance: An investigation",

abstract = "The ES-LoA project, funded by the UK Joint Information Systems Committee (JISC) under its eInfrastructure Security Programme, investigates current and future needs among UK research and education community for a more fine-grained authorisation scheme that would allow service providers to take into account of the levels of confidence in identifying a remote entity requesting for service access. Such a fine-grained authorisation scheme is attractive to service providers offering resources with varying levels of sensitivity and/or wishing to tailor their security protections based upon risk levels. Service providers may wish to restrict access to more sensitive resources only to those who have gone through a more stringent authentication process, or given the same remote entity, require the use of a stronger authentication token should the access request come from a more risky environment. In this way, the quality of an authentication instance, expressed as an authentication Level of Assurance (LoA), becomes one of the parameters used in access control decision making. This paper investigates the current worldwide efforts in defining LoA and identifies gaps in existing definitions when they are applied to a federated environment. {\textcopyright} 2007 IEEE.",

author = "Aleksandra Nenadic and Zhang Ning and Yao Li and Terry Morrow",

year = "2007",

doi = "10.1109/IAS.2007.88",

language = "English",

isbn = "0769528767",

pages = "155--158",

booktitle = "Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security|Proc. IAS Int. Symp. Inf. Assur. Secur.",

publisher = "IEEE Computer Society ",

address = "United States",

note = "3rd Internationl Symposium on Information Assurance and Security, IAS 2007 ; Conference date: 01-07-2007",

url = "http://dblp.uni-trier.de/db/conf/IEEEias/IEEEias2007.html#YangBZ07http://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07.xmlhttp://dblp.uni-trier.de/rec/bibtex/conf/IEEEias/YangBZ07",

}

Nenadic, A, Ning, Z, Li, Y & Morrow, T 2007, Levels of authentication assurance: An investigation. in Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security|Proc. IAS Int. Symp. Inf. Assur. Secur.. IEEE Computer Society , Washington, DC, USA, pp. 155-158, 3rd Internationl Symposium on Information Assurance and Security, IAS 2007, Manchester, 1/07/07. https://doi.org/10.1109/IAS.2007.88

Levels of authentication assurance: An investigation. / Nenadic, Aleksandra; Ning, Zhang; Li, Yao et al.
Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security|Proc. IAS Int. Symp. Inf. Assur. Secur.. Washington, DC, USA: IEEE Computer Society , 2007. p. 155-158.

Research output: Chapter in Book/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Levels of authentication assurance: An investigation

AU - Nenadic, Aleksandra

AU - Ning, Zhang

AU - Li, Yao

AU - Morrow, Terry

PY - 2007

Y1 - 2007

N2 - The ES-LoA project, funded by the UK Joint Information Systems Committee (JISC) under its eInfrastructure Security Programme, investigates current and future needs among UK research and education community for a more fine-grained authorisation scheme that would allow service providers to take into account of the levels of confidence in identifying a remote entity requesting for service access. Such a fine-grained authorisation scheme is attractive to service providers offering resources with varying levels of sensitivity and/or wishing to tailor their security protections based upon risk levels. Service providers may wish to restrict access to more sensitive resources only to those who have gone through a more stringent authentication process, or given the same remote entity, require the use of a stronger authentication token should the access request come from a more risky environment. In this way, the quality of an authentication instance, expressed as an authentication Level of Assurance (LoA), becomes one of the parameters used in access control decision making. This paper investigates the current worldwide efforts in defining LoA and identifies gaps in existing definitions when they are applied to a federated environment. © 2007 IEEE.

AB - The ES-LoA project, funded by the UK Joint Information Systems Committee (JISC) under its eInfrastructure Security Programme, investigates current and future needs among UK research and education community for a more fine-grained authorisation scheme that would allow service providers to take into account of the levels of confidence in identifying a remote entity requesting for service access. Such a fine-grained authorisation scheme is attractive to service providers offering resources with varying levels of sensitivity and/or wishing to tailor their security protections based upon risk levels. Service providers may wish to restrict access to more sensitive resources only to those who have gone through a more stringent authentication process, or given the same remote entity, require the use of a stronger authentication token should the access request come from a more risky environment. In this way, the quality of an authentication instance, expressed as an authentication Level of Assurance (LoA), becomes one of the parameters used in access control decision making. This paper investigates the current worldwide efforts in defining LoA and identifies gaps in existing definitions when they are applied to a federated environment. © 2007 IEEE.

U2 - 10.1109/IAS.2007.88

DO - 10.1109/IAS.2007.88

M3 - Conference contribution

SN - 0769528767

SN - 9780769528762

SP - 155

EP - 158

BT - Proceedings - IAS 2007 3rd Internationl Symposium on Information Assurance and Security|Proc. IAS Int. Symp. Inf. Assur. Secur.

PB - IEEE Computer Society

CY - Washington, DC, USA

T2 - 3rd Internationl Symposium on Information Assurance and Security, IAS 2007

Y2 - 1 July 2007

ER -

Levels of authentication assurance: An investigation

Abstract

Conference

Access to Document

Fingerprint

Cite this