Title: Gluu publishes open source mobile phone authentication software to enable derived credentials
1 Gluu publishes open source mobile phone
authentication software
- Gluu announced today that development of its new
open source mobile two-factor authentication app
and server platform, oxPush, has been completed
and is now available for enterprise use. oxPush
is an Apache Cordova project, and is a single
html5 page. Organizations can customize this
page, and distribute their own branded app for
authentication. Cordova can be deployed on
Android, IOS, Windows and Blackberry mobile
platforms. -
- Gluus goal was to publish a free and
customizable alternative to commercial
authentication services. Currently organizations
present a very specific user experience for Web
authentication. A similar amount of control is
desirable for mobile authentication, said
Michael Schwartz, Gluu CEO. An open source
platform like oxPush makes it easier for an
organization to implement the hooks to enable
derived credentials by utilizing the mobile PKI
and biometric capabilities of the device. -
- Of the numerous commercial solutions available,
many organizations are turning to mobile
two-factor authentication (2FA) to augment their
existing systems. An obvious choice, mobile
two-factor authentication is appealing because of
its user friendly nature, economic cost structure
and security effectiveness.
2However, despite acknowledged security concerns
and high levels of account hacking and personal
data theft, many organizations have been slow to
adopt and implement stronger forms of
authentication. We felt that an open source
alternative to pay-per-user type two-factor
authentication solutions would lower the barriers
for more organizations to implement better
security, said Schwartz. There is no license
fee for passwords. And it may sound silly, but
businesses are simply not used to the idea that
they need to pay for authentication. oxPush is
published under an MIT open source license, and
the implementation script can be downloaded for
free on the OX Wiki. After an organization
implements oxPush, users will be prompted to
download the application upon their first
authentication attempt, bind their device with
their account via a QR code snapshot, and then
approve all subsequent authentication attempts
via an out-of-band (OOB) push to their mobile
phone. oxPush, used with the Gluu Server is a
fully customizable, standards-based
authentication and authorization solution that is
designed to run out-of-the-box on your existing
hardware or a dedicated cloud server provided by
Gluu
3For a complete list of current two-factor
authentication solutions supported by the Gluu
Server, visit this page. Schedule your demo of
the complete, integrated solution today. About
Gluu Gluu provides design, build, and
operational services to organizations that want
to deploy OX for mission critical authentication
and authorization. The OX open source project,
maintained by Gluu, implements two profiles of
OAuth 2.0 OpenID Connect for authentication and
UMA for authorization. A subscription to the Gluu
Server, Gluus flagship service, enables an
organization to quickly deploy one or more OX
instances for their Internet domain, on the IAAS
platform of their choice, to enable single
sign-on, multi-factor authentication, and web
access management.
4Even Scott Cantor has acknowledged at InCommon
Camp that Shibboleth 3.0 is being designed to
make it easier to support OpenID Connect in the
future! So were going out on a limb here and
predict that OpenID Connect is actually going to
catch on this time. We are also perhaps going to
help our own cause by providing a scalable,
production quality open source implementation of
OpenID Connect oxAuth. If anyone disagrees or
agrees with the admittedly arbitrarily drawn
graphs above, feel free to comment
below! Article Resource-http//thegluuserver.bl
ogspot.in/2013/12/gluu-web-authentication-sso-prot
ocol.html