With this, this, this, & these, conversations going around, I guess it's time for me to lay out my meek plans for "n Factor" Authentication (a step towards strong, secure AuthN).
Prerequisites:
- Sun's Java Card Technology
- Sun's Access Manager
- Fingerprint Scanner
- 1024 Bit SSL Certificate
- Smart Card Reader
- ...yet to be discovered...
Steps:
- Use the Java Card API to bind a fingerprint (biometric AuthN) to a certificate stored on a Java Card.
- Use the Java Card API and the Java Card reader SDK to automatically register the certificate stored on the Java Card with the device being used (the browser for web access, the system registry for network access).
- Configure the "device" to authenticate to Sun's Access Manager for network access.
- Configure the "web applications" to use the authentication token validated by Sun's Access Manager for web access.
- Build an authentication module for Sun's Access Manager that accepts the certificate stored on the Java Card, using Access Manager's SDK, the Java Card reader's SDK and the Java Card API.
- Chain Sun Access Manager's default authentication module (there's a huge range available) to the custom AuthN module built in the prior step.
The intention here is to attain "n Factor AuthN". Using a fingerprint to authenticate to the reader in order to obtain access to the certificate store on the Java Card would be Auth Level 1. The certificate from the Java Card being presented to Access Manager in order to reach the default authentication module would itself be Auth Level 2. The default authentication module (ZKPP) that Access Manager invokes on successful receipt of a user certificate from the Java Card would be Auth Level 3.
Use roles, policies etc. for authorization (AuthZ) and grant access to resources (both web and network). In the next phase, I'd draw up "n factor AuthZ". If you're still scared of identity theft, well, one would have to steal your card, cut off your finger, and then rummage through your brains for your user ID and password.
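To make the auth-level idea above concrete, here is an added example (not code from this post, and not Access Manager or Java Card code) that models the three-module chain and the level-based AuthZ that follows it. The fingerprint check, the card's certificate release, the user store and the policy table are all constructed in memory; treating every module as REQUIRED (a JAAS-style control flag) is an assumption about how the chain would be configured. The point it shows is that the session's auth level is earned only by completing the whole chain: a stolen card without the password, or a password without the card, ends at level 0, not at a partial level.

```python
"""Toy model of chained "n factor AuthN": each module gates the next, the
session's auth level is the number of modules that succeeded in order, and
policies grant a resource only at or above a required level.  Everything
below (card, users, policies) is constructed for the example."""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed "card": a fingerprint template hash and the certificate subject
# the reader releases only after a fingerprint match (stands in for the Java
# Card applet binding the biometric to the certificate store).
CARD = {
    "fingerprint_hash": hashlib.sha256(b"constructed-fingerprint-template").hexdigest(),
    "cert_subject": "CN=alice,O=example",
}
# Constructed user store: certificate subject -> user id and password hash.
USERS = {
    "CN=alice,O=example": {
        "userid": "alice",
        "password_hash": hashlib.sha256(b"correct horse").hexdigest(),
    }
}
TRUSTED_SUBJECTS = {"CN=alice,O=example"}

@dataclass
class Session:
    auth_level: int = 0
    userid: Optional[str] = None
    cert_subject: Optional[str] = None
    trace: list = field(default_factory=list)

def fingerprint_module(session, creds):
    """Auth Level 1: the reader releases the card's certificate only on a match."""
    presented = hashlib.sha256(creds.get("fingerprint", b"")).hexdigest()
    if not hmac.compare_digest(presented, CARD["fingerprint_hash"]):
        session.trace.append("fingerprint: no match")
        return False
    session.cert_subject = CARD["cert_subject"]
    session.trace.append("fingerprint: match, certificate released")
    return True

def certificate_module(session, creds):
    """Auth Level 2: the released certificate must be one the server trusts."""
    if session.cert_subject not in TRUSTED_SUBJECTS:
        session.trace.append("certificate: untrusted or absent")
        return False
    session.userid = USERS[session.cert_subject]["userid"]
    session.trace.append("certificate: trusted, user %s" % session.userid)
    return True

def password_module(session, creds):
    """Auth Level 3: the default module (userid/password), bound to the cert's user."""
    user = USERS.get(session.cert_subject or "")
    if user is None or creds.get("userid") != user["userid"]:
        session.trace.append("password: user mismatch")
        return False
    presented = hashlib.sha256(creds.get("password", b"")).hexdigest()
    if not hmac.compare_digest(presented, user["password_hash"]):
        session.trace.append("password: wrong")
        return False
    session.trace.append("password: ok")
    return True

# Every module is REQUIRED (assumed JAAS-style flag): the first failure stops
# the chain and the whole login fails.
CHAIN = [fingerprint_module, certificate_module, password_module]

def authenticate(creds):
    """Run the chain; a failure anywhere leaves the session at level 0."""
    session = Session()
    for module in CHAIN:
        if not module(session, creds):
            session.auth_level = 0   # fail closed: no partial credit
            session.userid = None
            return session
        session.auth_level += 1
    return session

# Constructed AuthZ policy: resource -> minimum auth level (0 = anonymous).
POLICIES = {"/public": 0, "/intranet": 2, "/payroll": 3}

def authorize(session, resource):
    """Grant only if the chain completed to the level the policy demands."""
    required = POLICIES.get(resource)
    return required is not None and session.auth_level >= required

if __name__ == "__main__":
    creds = {"fingerprint": b"constructed-fingerprint-template",
             "userid": "alice", "password": b"correct horse"}
    s = authenticate(creds)
    print(s.auth_level, s.trace, authorize(s, "/payroll"))
```

Because `authenticate` resets the level on any failure, a policy that asks for level 2 cannot be satisfied by a card whose holder fails the password step, even though two modules passed before the failure; an unknown resource is denied rather than defaulting to open.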