-
Notifications
You must be signed in to change notification settings - Fork 2
Multi Factor Authentication
As for Version 3.4.0 universAAL supports third party implementation of MFA (Multi-Factor Authentication, a generalization of 2 Factor Authentication). This means there is an ontology and a service definition so it can be implemented. This service might be implemented as part of the platform in future versions.
MFA can be achieved by implementing the AuthenticationService restricting the service profile to where the presented credentials are of type MultifactorCredentials, and the factors provided can be interpreted by the service callee. In this simple scenario each service callee must be able to provide authentication for each factor and combination of desired factors.
As example the security ontology provides 2 factors:
- Password, as Knowledge based factor, something the user knows.
- One Time Password, as a Possession type factor, something the user has. At this level how the user receives this factor is not considered.
Implementation of additional Authentication mechanisms should be done in their own modules. Take the User-Password Authentication mechanism provided by universAAL, there is a module that performs the authentication procedures, and an additional library to help use it (in this case the idea of the library is to avoid sending unsecured passwords through the buses).
- Extend the security ontology with different concepts and hierarchies for the different factors
- Add semantical services to be able to create service profiles for validation of each factor type individually
- Add services to be able to generate factors and send them to the user, if necessary.
- Create a generic MFA AuthenticationService profile that intelligently selects, generates (if necessary) and validates the provided factors to authenticate the user.