Skip to content

Multi Factor Authentication

Alejandro Medrano edited this page Aug 31, 2015 · 2 revisions

As for Version 3.4.0 universAAL supports third party implementation of MFA (Multi-Factor Authentication, a generalization of 2 Factor Authentication). This means there is an ontology and a service definition so it can be implemented. This service might be implemented as part of the platform in future versions.

MFA can be achieved by implementing the AuthenticationService restricting the service profile to where the presented credentials are of type MultifactorCredentials, and the factors provided can be interpreted by the service callee. In this simple scenario each service callee must be able to provide authentication for each factor and combination of desired factors.

As example the security ontology provides 2 factors:

  • Password, as Knowledge based factor, something the user knows.
  • One Time Password, as a Possession type factor, something the user has. At this level how the user receives this factor is not considered.

Future Development

  1. Extend the security ontology with different concepts and hierarchies for the different factors
  2. Add semantical services to be able to create profiles for validation of each factor type individually
  3. Add services to be able to generate factors and send them to the user, if necessary.
  4. Create a generic MFA AuthenticationService profile that intelligently selects, generates (if necessary) and validates the provided factors to authenticate the user.
Clone this wiki locally