Skip to main content


Showing posts from April, 2019

How To Build An Authentication Platform

Today's authentication requirements go way beyond hooking into a database or directory and challenging every user and service for an Id and password.  Authentication and the login experience, is the application entry point and can make or break your security posture and end user experience. 

Authentication is typically associated with identifying, to a certain degree of assurance, who or what you are interacting with.  Authorization is typically identifying and allowing what that person or thing can do.  This blog is focused on the former, but I might stray in to the latter from time to time.

There are numerous use cases that a modern enterprise needs to fulfil, if authentication services are to deliver value.  These can include:

Authentication for a service or APIDevice authenticationMetrics, timing and analytics of flowsThreat intelligence integrationAnonymous to known authentication profilingContextual analysis In addition to the basic functional requirements, there are several …