Accessibility Links

Accessibility Links

English 繁體版 简体版

Navigation Menu 1

General UsersYoungsters & StudentsParents and TeachersIT ProfessionalsSME
FAQ Search :
Change text size: Text Size: Default Size (A) Text Size: Larger (A) Text Size: Largest (A)
general user youngsters and students parents and teachers IT professionals sme

Navigation Menu 2





   e-Authentication Models

There are two basic models for establishing an e-authentication system.

Direct Authentication

When both the user and service provider participate in a trust relationship that allows them to exchange and validate credentials, direct authentication can be performed. Direct authentication requires the presentation of credentials from the user, which are typically a username and password. The service provider uses these credentials to authenticate the request.

Brokered Authentication

In a situation where the user and the service provider do not share a direct trust relationship, a 'broker' can be used to perform authentication. The broker authenticates the client and then issues a security assertion that the service can use to authenticate the user.

Below is a table showing the comparison between the two models.

Aspects Direct Authentication Brokered Authentication
Trust Relationship Service provider establishes trust with the user directly. Service provider trusts on the broker who will perform authentication with the user.
Infrastructure Support Direct Authentication works with most infrastructures. Brokered Authentication requires an infrastructure that supports the use of security assertion.
Cross-domain Access Requires authentication for every connection to a different service. The same assertion could be used to access all services within an organization.
Usage Example Direct username and password authentication.
  • PKI-based Authentication which makes use of the verification service (i.e. OCSP) of the certification authority.

  • Federation systems that depend on each other to authenticate their respective users and vouch for their access to services offered by other members of the federation.

   e-Authentication Methods

   Security Mitigations and Tips

   Technical Resources

   What is e-Authentication Assurance Level?

   Examples on Determining the Assurance Level

Back back to topTop

Footer Menu

Sitemap | Contact Us | Privacy Policy | Important Notices
General Users Youngsters & Students Parents & Teachers IT Professionals SME