On Mon, Jan 15, 2018 at 8:28 PM, Dimuthu Leelarathne <[email protected]> wrote:
> Hi Pamoda,
>
> Authentication history is a broad term. How do we plan to identify
> exceptions?
>
> thanks,
> Dimuthu
>
> On Mon, Jan 15, 2018 at 8:04 PM, Johann Nallathamby <[email protected]>
> wrote:
>
>> *[-IAM, RRT]*
>>
>> Apart from the business transaction value, the following factors can be
>> considered for risk calculation.
>>
>> 1. Environment - IP, network, geographical location, time of the day,
>> device/OS/Device fingerprinting
>> 2. Context - Previous successful login time, consecutive invalid login
>> attempts followed by a successful attempt
>> 3. User behavior - typing speed, etc.
>>
>> Regards,
>> Johann.
>>
>> On Mon, Jan 15, 2018 at 4:50 PM, Pamoda Wimalasiri <[email protected]>
>> wrote:
>>
>>> Hi all,
>>>
>>> I'm currently working on a risk score calculation method for the
>>> authentication request of IAM. I'm still doing the background research on
>>> the behavior of other similar approaches [1] and the technologies that can
>>> be used.
>>>
>>> According to my research, the risk score can be calculated based on
>>> parameters such as
>>>
>>> - IP address
>>> - Geographical location
>>> - Authentication history
>>>

Are we considering only the past data here? We should include the current active sessions too. For example, if the user is already in an authenticated session and if she/he is trying to authenticate again, the 2nd attempt might be an attacker.

>>> - Time of day
>>>
>>> In existing approaches, the total level of risk is calculated by the sum
>>> of weighted scores of each parameter.
>>>
>>> Any suggestions are highly appreciated.
>>>
>>> [1] https://backstage.forgerock.com/docs/am/5.5/authentication-guide/index.html#authn-adaptive
>>>
>>> Thanks,
>>> Pamoda
>>> --
>>>
>>> *Pamoda Wimalasiri*
>>> Software Engineer - WSO2
>>>
>>> Email : [email protected]
>>> Mobile : +94713705814
>>> Web : https://wso2.com/
>>>
>>
>> --
>>
>> *Johann Dilantha Nallathamby*
>> Senior Lead Solutions Engineer
>> WSO2, Inc.
>> lean.enterprise.middleware
>>
>> Mobile: *+94 77 7776950*
>> LinkedIn: *http://www.linkedin.com/in/johann-nallathamby*
>> Medium: *https://medium.com/@johann_nallathamby*
>> Twitter: *@dj_nallaa*
>>
>
> --
> Dimuthu Leelarathne
> Director, Solutions Architecture
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> Mobile: +94773661935
> Blog: http://muthulee.blogspot.com
>
> Lean . Enterprise . Middleware
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
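The weighted-sum calculation described in the thread, as an added example (not code from the thread or from WSO2), with the active-session check from the reply folded into the authentication-history factor. The weights, thresholds, factor scoring rules and the names `Profile`, `LoginAttempt`, `factor_scores`, `risk_score` and `decision` are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed weights (not from the thread); they sum to 1.0 so the total is in [0, 1].
WEIGHTS = {"ip": 0.25, "geo": 0.25, "history": 0.35, "time_of_day": 0.15}

@dataclass
class Profile:
    """What is already known about the user (hypothetical structure)."""
    known_ips: set
    known_countries: set
    usual_hours: range             # local hours in which the user normally logs in
    failed_since_success: int = 0  # consecutive invalid attempts before this one
    active_sessions: int = 0       # sessions still open when this attempt arrives

@dataclass
class LoginAttempt:
    ip: str
    country: str
    hour: int

def factor_scores(attempt: LoginAttempt, profile: Profile) -> dict:
    """Score each parameter from 0.0 (expected) to 1.0 (anomalous)."""
    # Failed attempts saturate at 5; an already open session scores 0.5 on its
    # own, since a second login may be the user's other device or an attacker.
    failures = min(profile.failed_since_success, 5) / 5
    concurrent = 0.5 if profile.active_sessions > 0 else 0.0
    return {
        "ip": 0.0 if attempt.ip in profile.known_ips else 1.0,
        "geo": 0.0 if attempt.country in profile.known_countries else 1.0,
        "history": max(failures, concurrent),
        "time_of_day": 0.0 if attempt.hour in profile.usual_hours else 1.0,
    }

def risk_score(attempt: LoginAttempt, profile: Profile) -> float:
    """Total risk = sum of weight * score over all parameters."""
    scores = factor_scores(attempt, profile)
    return round(sum(WEIGHTS[name] * s for name, s in scores.items()), 4)

def decision(score: float, step_up: float = 0.3, deny: float = 0.7) -> str:
    """Map the score to an action; both thresholds are assumed values."""
    if score >= deny:
        return "deny"
    return "step-up" if score >= step_up else "allow"

# Constructed sample data (documentation IP ranges, not real users).
PROFILE = Profile({"198.51.100.7"}, {"LK"}, range(7, 20), active_sessions=1)
ATTEMPT = LoginAttempt(ip="203.0.113.50", country="LK", hour=10)

if __name__ == "__main__":
    score = risk_score(ATTEMPT, PROFILE)
    print(score, decision(score))
```

With the constructed sample, an unfamiliar IP combined with an already open session is enough to cross the assumed step-up threshold even though location and time of day look normal.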
