BoF: Making authentication stronger and cheaper with web of trust

22/05/2014 15:00-16:30
Web of Trust for Levels of Assurance (WoT4LoA) is a Géant3plus Open Calls project that tries to address the issue of strong authentication in higher education and research. Participants of the project are Innovalor and SURFnet.
The ambition of WoT4LoA is to achieve stronger authentication without the cost and overhead of physical user registration and without the complexity of many other remote registration solutions. The idea is to use the web of trust concept to establish the authenticity of the binding between an authentication solution (e.g. a public key) and its owner via attestations from third-party users. For instance, if person A claims that user B is using a particular authentication solution, this can give the service provider extra confidence to allow access to resources that require stronger authentication. Person C can also claim to know B and B's authentication mechanism, thereby further increasing the trust in the identity of B. This approach is a kind of “crowdsourcing of trust” about the identity of the user. A concrete example is the use of the mobile phone as a second authentication factor: other users can attest to the identity provider which mobile phone number belongs to a particular user, allowing it to be used as a reliable second factor during, e.g., a step-up authentication scenario.
The purpose of this BoF is to discuss and explore several use case scenarios and technical approaches to realise a web-of-trust-based enhancement of the authentication strength in existing identity federations and collaborations for higher education and research. Furthermore, the challenges associated with web of trust, such as bad-mouthing and herd behaviour, will be discussed.
The output of the BoF will be taken into account in the design and implementation of a proof-of-concept as part of the WoT4LoA project.
Draft agenda:
1. BoF goal (Bob Hulsebosch, Innovalor)
2. Round of introductions
3. Use cases and technical solutions
4. Discussion
5. Conclusions