From Moats to Slopes – How Authorization and Authentication Impact Each Other
In zero-trust environments, authentication is typically the only gate that prevents attackers from penetrating an organization. Today’s organizations require access by temps, contractors, vendors, partners, employees and a variety of consumers. For such organizations, a standardized “deep moat” approach decreases business agility and consumer engagement. On the other hand, leveraging Bring Your Own Identity (BYOID) or the diverse authentication systems of partner organizations can create a “graded slope” of access. In such environments, dynamic authorization can determine users’ capabilities based on how they authenticated. Conversely, users’ actions or access patterns can require them to provide stronger authentication when needed. This talk discusses how such systems, in which authorization and authentication are interdependent, may be architected. It also discusses the benefits of embracing diverse authentication and dynamic authorization, and reviews the role of open standards such as CAEP and SSE in making such an architecture possible across organizations.
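The interdependence described above, sketched as an added example that is not from the talk: a decision function that grants capabilities according to authentication assurance and asks for step-up when the action or the access pattern demands more. The level names, action names, the `max_assurance` field and the risk-signal strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Assurance(IntEnum):
    LOW = 1      # assumed: BYOID / social login, single factor
    MEDIUM = 2   # assumed: partner organization's federated login
    HIGH = 3     # assumed: phishing-resistant MFA

# Constructed policy: minimum assurance each action needs.
REQUIRED = {
    "view_catalog": Assurance.LOW,
    "view_invoice": Assurance.MEDIUM,
    "change_payout_account": Assurance.HIGH,
}

@dataclass
class Session:
    subject: str
    assurance: Assurance        # level reached at the last authentication
    max_assurance: Assurance    # strongest level this identity source can reach
    risk_signals: frozenset = frozenset()  # e.g. {"new_device"}

def required_level(action, session):
    """Authorization drives authentication: risk raises the bar one level."""
    base = REQUIRED.get(action)
    if base is None:
        return None
    if session.risk_signals:
        base = Assurance(min(base + 1, Assurance.HIGH))
    return base

def decide(session, action):
    """Return (decision, level_needed): permit, step_up or deny."""
    need = required_level(action, session)
    if need is None:
        return ("deny", None)       # unknown actions are denied by default
    if session.assurance >= need:
        return ("permit", None)     # authentication drives authorization
    if session.max_assurance >= need:
        return ("step_up", need)    # ask for stronger authentication
    return ("deny", need)           # this identity source cannot get there

def on_assurance_change(session, new_level):
    """Stand-in for a shared signal from the identity provider reporting
    that the session's assurance changed (simplified, not a CAEP schema)."""
    session.assurance = Assurance(new_level)
```

A session that stays at `LOW` still gets the low-risk actions, which is the "graded slope"; the same request can flip from `permit` to `step_up` when a risk signal appears or the provider reports a lower assurance level.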