|
Work item:
|
X.1451 (ex X.tfrca)
|
|
Subject/title:
|
Risk identification to optimize authentication
|
|
Status:
|
Approved on 2020-05-29
|
|
Approval process:
|
AAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
-
|
|
Liaison:
|
-
|
|
Supporting members:
|
-
|
|
Summary:
|
For information and communication technology (ICT) systems, user authentication is an essential and critical security function. Various authentication mechanisms are available, but it may not be clear how to make the best choice from a number of options. Authentication of ICT services should strive to balance multiple functional objectives such as security, user experience, cost, performance, etc.
Considering these challenges, this Recommendation specifies a risk identification function in an ICT service system as a pre-processor before the authentication function is invoked. It enables the ICT service system to optimize user authentication based on identified risks.
With this specific risk identification function, the ICT service system can make choices on authentication mechanisms adaptively to its users and achieve multiple benefits such as: 1) to improve user experiences; 2) to increase the capacity and reduce the per transaction cost of user authentication; 3) to reduce the risk of user identity forgery.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2018-09-13 10:50:59
|
|
Last update:
2020-06-25 18:21:44
|
