Bi-lateral End-to-End Authentication

To counter this we devise a system where all active entities (users, devices, and services) are named, registered and credentialed.
• We assume a single domain or at least a single enterprise where we have control of these details, but will address a federated case later.
• Credentials include asymmetric key pairs: the public key is bound to the entity's registered name, and the private key is held only by that entity.
• All services and devices exercise access controls and use SAML assertions in their decision process. The requestor authenticates to the service itself (not to the server or device that hosts it), and the service in turn authenticates to the requestor.
• The interface is termed a “fat” API, or, in the case of a browser or presentation system, a “fat” browser.
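One way to realize the bilateral half of this, as an added example that is not part of the original post: a Go package in which an enterprise root credentials named entities with X.509 certificates over asymmetric (Ed25519) keys, and a mutually authenticated TLS handshake makes the service verify the requestor's credential while the requestor verifies the service's credential and pins the service name it asked for. X.509, TLS, the loopback transport and every name used (root.example, alice.users.example, payroll.svc.example, rogue.svc.example, mallory.users.example) are assumptions for illustration; the post does not fix the credential format, and the SAML assertions it mentions would travel inside the channel this sets up rather than in the handshake itself.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Entity is a named, credentialed active entity: an X.509 certificate over an Ed25519 key pair.
type Entity struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

// Enroll mints a certificate for name, self-signed when issuer is nil (the enterprise root, or an
// impostor nobody vouches for) and otherwise signed by issuer, which is what "registered" means here.
func Enroll(name string, issuer *Entity, isCA bool) (*Entity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // toy issuer; use a random serial in production
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name}, // the name a peer pins on
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA { // only the root may sign other credentials
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	parent, signer := tmpl, priv
	if issuer != nil {
		parent, signer = issuer.Cert, issuer.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Entity{Cert: cert, Key: priv}, nil
}

// Bilateral runs a mutually authenticated TLS handshake over loopback: the service requires a requestor
// credential chained to root; the requestor requires the same of the service and pins wantService, so it
// authenticates the named service rather than whatever host answers. It returns the name each side verified.
func Bilateral(requestor, service, root *Entity, wantService string) (requestorName, serviceName string, err error) {
	trust := x509.NewCertPool()
	trust.AddCert(root.Cert)
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", "", err
	}
	defer ln.Close()
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			return
		}
		conn := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{{Certificate: [][]byte{service.Cert.Raw}, PrivateKey: service.Key}},
			ClientAuth:   tls.RequireAndVerifyClientCert, // the requestor must prove a registered identity
			ClientCAs:    trust,
		})
		defer conn.Close()
		if conn.Handshake() == nil { // greet only a verified requestor, by the name just verified
			fmt.Fprintf(conn, "hello %s\n", conn.ConnectionState().PeerCertificates[0].Subject.CommonName)
		}
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{requestor.Cert.Raw}, PrivateKey: requestor.Key}},
		RootCAs:      trust,
		ServerName:   wantService, // pin the service's name, not the host's
	})
	if err != nil {
		return "", "", fmt.Errorf("requestor rejected service: %w", err)
	}
	defer cli.Close()
	// A TLS 1.3 client finishes before the server has judged its certificate; the greeting is how it learns the verdict.
	if _, err := fmt.Fscanf(cli, "hello %s\n", &requestorName); err != nil {
		return "", "", fmt.Errorf("service rejected requestor: %w", err)
	}
	return requestorName, cli.ConnectionState().PeerCertificates[0].Subject.CommonName, nil
}
```

With a root from Enroll("root.example", nil, true) and alice.users.example and payroll.svc.example enrolled under it, Bilateral(alice, payroll, root, "payroll.svc.example") returns both verified names. An entity that issued its own credential (mallory.users.example, enrolled with a nil issuer) is refused by the service, and a registered but different service (rogue.svc.example) answering where payroll.svc.example was expected is refused by the requestor: controlling the host is not enough, because the requestor pins the service's name.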
