Anil John
Making Digital Services Secure and Trustworthy

Anil John


Process of Establishing Confidence to Generate an Assurance

Tokens and Credentials. Not the same.

Token, possessed and controlled by an individual, is used to authenticate the individual using one or more of the traditional authentication factors (something you know, have, or are). Credential authoritatively links an identity to a token

Protocols and Profiles. Interoperability.

Standard protocols are the technical format and rules by which identity information is exchanged. Profiles constrain protocols to specific choices to ensure interoperability between the sender and the receiver.

Federation. Across security boundaries.

A multi-party arrangement in which there is agreement on the adherence to standards and practices that ensure confidence, enable interoperability, realize efficiencies and reduce risk

More Authentication Advice

RFI - EMV Enabled Debit Cards as Authentication Tokens?

What are the business, security and privacy implications around the use of EMV Cards for authentication?
[Continue reading ...]

Why Multi-Factor and Two-Factor Authentication May Not Be the Same

Identity assurance and implementing two-factor authentication
[Continue reading ...]

Do the Majority of Public Sector Digital Services Need Credentials?

Do we need credentials in order to allow access to little used applications?
[Continue reading ...]

Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!

I will never share, rent, or sell your information to anyone. Cancel anytime.