Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Darshana, Yes, We can use the same architecture in 5.3.0/5.4.0 and 5.5.0, if we do with proper extension mechanism. Only difference is how we call the function. With custom authenticators written in Java on 5.3.0/5.4.0 and Javascripts (unlocked) in 5.5.0 What I am really proposing is to

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Pamoda, What are the use cases we try to implement with the calculated risk score? On Tue, Jan 23, 2018 at 10:43 PM, Ruwan Abeykoon wrote: > Hi Dimuthu, > +1 on using existing infrastructure with IS. > > We need to implement "Risk Calculator" logic in DAS, with Spark and

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi All, Currently, we have implemented two types of alerts [1] in IS Analytics to monitor suspicious login attempts and abnormal login sessions. We have defined set of rules to detect such abnormal login activities using Spark and Siddhi queries. So you can improve and reuse them as well for

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Dimuthu, +1 on using existing infrastructure with IS. We need to implement "Risk Calculator" logic in DAS, with Spark and Siddhi queries. This should not be inside the IS. What IS needs to do is to query the "Risk Data" with lucene while performing the authentication flow. This component can

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Ruwan, Btw .. we are doing this for 5.X series. thanks, Dimuthu On Fri, Jan 19, 2018 at 9:34 AM, Dimuthu Leelarathne wrote: > Hi Ruwan, > > I am thinking of using the existing architecture as it is. Right now there > is an eventing listeners that publish data to DAS. I

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Ruwan, I am thinking of using the existing architecture as it is. Right now there is an eventing listeners that publish data to DAS. I propose we reuse it as it is. Those event listeners that publish data can be X-EventListener, Y-EventListener, etc ... There are a lot of data that we can

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Pamoda, Can we enhance the architecture a little bit. We need to decouple "Risk Calculator" and "Identity Framework" further. IS needs a mechanism to receive the feedback from the pub/sub channel and make changes in authentication flow. 1.

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi all, The figure shows a high-level architecture for the risk score calculation. [image: Inline image 2] - Authentication Data Publisher in the Identity Framework publishes the authentication events to a database - Authenticator requests a risk score from the risk score calculator.

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

On Tue, Jan 16, 2018 at 8:13 AM, Prakhash Sivakumar wrote: > On Mon, Jan 15, 2018 at 8:28 PM, Dimuthu Leelarathne > wrote: > >> Hi Pamoda, >> >> Authentication history is a broad term. How do we plan to identify >> exceptions? >> > As authentication

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Ruwan, On Tue, Jan 16, 2018 at 9:39 AM, Ruwan Abeykoon wrote: > Hi Hasitha, > There is a question about MAC address, which is not available beyond an IP > router. What we do is browser fingerprinting with a cookie or something. > > *>> i.e I usually login to my personal

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Hasitha, There is a question about MAC address, which is not available beyond an IP router. What we do is browser fingerprinting with a cookie or something. *>> i.e I usually login to my personal Gmail using my phone. If I use my MAC machine suddenly, google sends an email if this is you. * IS

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi all, We can also consider the MAC address or some machine ID of last successful login as well. *i.e I usually login to my personal Gmail using my phone. If I use my MAC machine suddenly, google sends an email if this is you. * Also previous success login location is also important. *i.e If

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Pamoda, Here are some of my thoughts, and not in order or organized. User Behavior analytics (*UBA*) - Implement multi-dimensional clustering (this will detect general user behaviours. Not of an individual) - Implement clickstream analytics (This will have knowledge of

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

On Mon, Jan 15, 2018 at 8:28 PM, Dimuthu Leelarathne wrote: > Hi Pamoda, > > Authentication history is a broad term. How do we plan to identify > exceptions? > > thanks, > Dimuthu > > On Mon, Jan 15, 2018 at 8:04 PM, Johann Nallathamby > wrote: > >> *[-IAM,

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Pamoda, Authentication history is a broad term. How do we plan to identify exceptions? thanks, Dimuthu On Mon, Jan 15, 2018 at 8:04 PM, Johann Nallathamby wrote: > *[-IAM, RRT]* > > Apart from the business transaction value, following factors can be > considered for risk

Re: [Architecture] [RRT]Calculating a risk score for authentication requests

Hi Pamoda On Mon, Jan 15, 2018 at 4:50 PM, Pamoda Wimalasiri wrote: > Hi all, > > I'm currently working on a risk score calculation method for the > authentication request of IAM. I'm still doing the background research on > the behavior of other similar approaches [1] and the

[Architecture] [RRT]Calculating a risk score for authentication requests

Hi all, I'm currently working on a risk score calculation method for the authentication request of IAM. I'm still doing the background research on the behavior of other similar approaches [1] and the technologies that can be used. According to my research, the risk score can be calculated based