Beyond Passwords: Advanced Authentication and Authorization

Abstract

“Beyond Passwords” explores the inherent weaknesses of traditional password-based security systems and proposes alternative methods for enhancing digital security. The post examines the limitations of passwords, including vulnerability to attacks and user management challenges, and discusses advanced solutions such as biometrics, multi-factor authentication, and behavioral analytics.

TOC

• INTRODUCTION
• TRADITIONAL AUTHENTICATION AND AUTHORIZATION TECHNOLOGIES
  • PASSWORDS: THE DOUBLE -EDGED SWORD
  • TOKENS: A STEP UP, BUT NOT ENOUGH
  • ACCESS CONTROL LISTS (ACLS): COMPLEX AND INFLEXIBLE
  • THE NEED FOR ADVANCED TECHNOLOGIES
    • ADVANCED AUTHENTICATION TECHNOLOGIES
    • MULTI-FACTOR AUTHENTICATION (MFA): LAYERING SECURITY
    • BIOMETRICS: THE UNIQUENESS OF YOU
    • CERTIFICATE -BASED AUTHENTICATION: DIGITAL TRUST
    • BEHAVIORAL BIOMETRICS: THE RHYTHM OF AUTHENTICATION
  • ADVANCED AUTHORIZATION TECHNOLOGIES
    • ROLE-BASED ACCESS CONTROL (RBAC): SIMPLIFYING PERMISSIONS
    • ATTRIBUTE-BASED ACCESS CONTROL (ABAC): FINE -GRAINED CONTROL
    • OAUTH AND OPENID CONNECT: THIRD -PARTY AUTHORIZATION
    • XACML: STANDARDIZED POLICY LANGUAGE
  • INTEGRATING ADVANCED AUTHENTICATION AND AUTHORIZATION
    • IDENTITY AND ACCESS MANAGEMENT (IAM) SYSTEMS: THE CENTRAL HUB
    • SINGLE SIGN-ON (SSO): ONE LOGIN, MANY DOORS
    • CONTEXT-AWARE AUTHENTICATION AND AUTHORIZATION: ADAPTING TO THE SITUATION
  • TROUBLESHOOTING AUTHENTICATION AND AUTHORIZATION ISSUES
    • COMMON AUTHENTICATION AND AUTHORIZATION PROBLEMS
    • TROUBLESHOOTING TOOLS AND TECHNIQUES
    • BEST PRACTICES FOR TROUBLESHOOTING
  • CASE STUDIES
    • CASE STUDY 1: FINANCIAL SERVICES FIRM STRENGTHENS SECURITY WITH MFA AND BIOMETRICS
    • CASE STUDY 2: HEALTHCARE PROVIDER IMPLEMENTS RBAC AND CONTEXT -AWARE AUTHORIZATION
    • CASE STUDY 3: E -COMMERCE GIANT STREAMLINES USER EXPERIENCE WITH SSO AND OAUTH
  • CONCLUSION
  • BIBLIOGRAPHY

INTRODUCTION

Ensuring the security of sensitive information and systems is paramount. Authentication and authorization are two fundamental pillars of enterprise security. Authentication verifies the identity of users or devices attempting to access a system, while authorization determines what actions they are permitted to perform once authenticated.

Traditionally, authentication relied heavily on passwords, which, while simple to implement, are susceptible to various attacks such as phishing, brute force, and credential stuffing. Authorization, on the other hand, often involved complex access control lists and manual processes, making it difficult to manage and scale.

The limitations of traditional methods have become increasingly evident as cyber threats have grown in sophistication and frequency. The rise of cloud computing, mobile devices, and the Internet of Things (IoT) has expanded the attack surface, making it more challenging to protect enterprise assets. In response to these challenges, advanced authentication and authorization technologies have emerged, offering more robust and flexible solutions for securing modern enterprise environments.

Advanced authentication technologies, such as multi-factor authentication (MFA), biometrics, and certificate-based authentication, provide additional layers of security beyond passwords, making it significantly harder for attackers to compromise user accounts. MFA, for instance, requires users to provide multiple pieces of evidence to prove their identity, such as a password and a fingerprint or a one-time code sent to their mobile device (Gartner, Multifactor Authentication (MFA)). Biometric authentication leverages unique physical or behavioral characteristics, like fingerprints or facial features, to verify identity (NIST, Digital Identity Guidelines).

Certificate-based authentication utilizes digital certificates to establish trust between users and systems (RSA, What Is Certificate-Based Authentication (CBA)?).

Advanced authorization technologies, such as role-based access control (RBAC) and attribute-based access control (ABAC), offer more granular and dynamic control over access to resources. RBAC assigns permissions based on predefined roles, simplifying authorization management (NIST, Role Based Access Control). ABAC takes a more flexible approach, considering various attributes like user identity, device type, location, and time to make access decisions (Gartner, Attribute-Based Access Control (ABAC)). These advanced technologies are not without their challenges. Implementing and integrating them into existing enterprise systems can be complex, and troubleshooting issues can be time-consuming. However, the benefits they offer in terms of enhanced security and improved user experience far outweigh the challenges.

This white paper will delve into the intricacies of advanced authentication and authorization technologies, exploring their benefits, challenges, and best practices for implementation and troubleshooting. By understanding these technologies and their implications, organizations can make informed decisions about how to best secure their enterprise environments in the face of evolving cyber threats.

TRADITIONAL AUTHENTICATION AND AUTHORIZATION TECHNOLOGIES

Traditional authentication and authorization technologies have long served as the first line of defense in enterprise security. These methods, while familiar and straightforward, often fall short in addressing the complexities and evolving nature of modern cyber threats.

PASSWORDS: THE DOUBLE -EDGED SWORD

Passwords are the most ubiquitous form of authentication. They are easy to implement and understand, making them a popular choice for both users and organizations. However, their simplicity is also their Achilles’ heel. Passwords are vulnerable to a wide range of attacks, including:

• Phishing: Tricking users into revealing their passwords through deceptive emails or websites (Microsoft, How to recognize phishing email).
• Brute Force Attacks: Automated guessing of passwords until the correct one is found (Kaspersky, Brute-force attack).
• Credential Stuffing: Using stolen credentials from one site to gain access to another (Imperva, Credential stuffing attacks).

Moreover, users often choose weak or easily guessable passwords, reuse passwords across multiple accounts, or fail to update them regularly, further exacerbating the risks associated with password-based authentication.

TOKENS: A STEP UP, BUT NOT ENOUGH

To mitigate the risks of passwords, many organizations have adopted token-based authentication. Tokens can be physical devices, like smart cards or USB keys, or software-based, like one-time passwords (OTPs) generated by mobile apps (twilio, What is two-factor authentication?). Tokens add an extra layer of security by requiring users to possess something in addition to their password. However, tokens are not foolproof. Physical tokens can be lost or stolen, while software tokens can be compromised if the user’s device is infected with malware. Additionally, tokens can be inconvenient for users, leading to resistance and workarounds that undermine security.

ACCESS CONTROL LISTS (ACLS): COMPLEX AND INFLEXIBLE

Traditional authorization often relies on access control lists (ACLs), which define the permissions granted to specific users or groups for accessing resources. While ACLs provide a degree of control, they can quickly become complex and difficult to manage as the number of users and resources grows. ACLs are also inflexible, as they do not easily adapt to changing business needs or user roles. This can lead to situations where users have excessive permissions, increasing the risk of unauthorized access or data breaches.

THE NEED FOR ADVANCED TECHNOLOGIES

The limitations of traditional authentication and authorization technologies have become increasingly apparent as cyber threats have evolved. The rise of cloud computing, mobile devices, and the Internet of Things (IoT) has expanded the attack surface, making it more challenging to protect enterprise assets. Advanced authentication and authorization technologies offer a more robust and flexible approach to security. By incorporating multiple factors, biometrics, and contextual information, these technologies can significantly enhance the security of user accounts and access to resources. Additionally, they can improve the user experience by reducing the reliance on passwords and simplifying access management.

ADVANCED AUTHENTICATION TECHNOLOGIES

In the face of increasing cyber threats and the limitations of traditional methods, advanced authentication technologies have emerged as a critical component of enterprise security. These technologies offer more robust and user-friendly ways to verify the identity of individuals and devices, significantly reducing the risk of unauthorized access.

MULTI-FACTOR AUTHENTICATION (MFA): LAYERING SECURITY

Multi-factor authentication (MFA) is a cornerstone of modern security practices. It requires users to provide multiple independent credentials to verify their identity, typically combining something they know (like a password) with something they have (like a smartphone) or something they are (like a fingerprint) (Okta, What Is Multi-Factor Authentication (MFA)?). This layered approach makes it exponentially harder for attackers to compromise accounts, even if they manage to steal one credential. MFA implementations vary, with options ranging from simple one-time codes sent via SMS to more sophisticated biometric scans and push notifications. Each method has its strengths and weaknesses, and the choice often depends on the specific security requirements and user preferences of an organization. For example, while SMS-based OTPs are easy to use, they can be intercepted by attackers, making them less secure than push notifications or hardware tokens (duo, The pros and cons of different 2FA methods).

BIOMETRICS: THE UNIQUENESS OF YOU

Biometric authentication leverages the unique physical or behavioral characteristics of individuals to verify their identity. This can include fingerprints, facial recognition, iris scans, voice patterns, or even typing rhythms. Biometrics offer a convenient and secure alternative to passwords, as they are difficult to forge or steal. However, biometric authentication is not without its challenges. The accuracy of biometric systems can vary, and there are concerns about privacy and the potential for misuse of biometric data (NIST, Digital Identity Guidelines). Additionally, some biometric traits, like fingerprints, can be compromised if not properly protected.

CERTIFICATE -BASED AUTHENTICATION: DIGITAL TRUST

Certificate-based authentication (CBA) relies on digital certificates to establish trust between users and systems. A digital certificate is a unique electronic document that binds a public key to the identity of a person, device, or service. When a user attempts to access a system, their certificate is presented, and the system verifies its authenticity and validity (RSA, What Is Certificate-Based Authentication (CBA)?). CBA is often used in conjunction with smart cards or other hardware tokens, providing a strong and secure authentication mechanism. However, it requires a robust public key infrastructure (PKI) to manage and issue certificates, which can be complex and costly to implement.

BEHAVIORAL BIOMETRICS: THE RHYTHM OF AUTHENTICATION

Behavioral biometrics is an emerging technology that analyzes user behavior patterns, such as typing speed, mouse movements, or gait, to verify identity. This approach offers a continuous and passive authentication method that can detect anomalies and potential threats in real time (BioCatch, What is Behavioral Biometrics?).

While still in its early stages, behavioral biometrics holds great promise for enhancing security and user experience. However, it raises privacy concerns and requires careful implementation to avoid false positives and ensure user acceptance.

ADVANCED AUTHORIZATION TECHNOLOGIES

Beyond verifying identity, the realm of authorization delves into controlling what authenticated users or devices can do within a system. Advanced authorization technologies offer a more nuanced and adaptable approach compared to traditional methods, ensuring that the right entities have the right access at the right time.

ROLE-BASED ACCESS CONTROL (RBAC): SIMPLIFYING PERMISSIONS

Role-Based Access Control (RBAC) is a widely adopted authorization model that simplifies the management of permissions. Instead of assigning permissions directly to individual users, RBAC groups users into roles based on their job functions or responsibilities. Permissions are then associated with these roles, making it easier to manage access for large groups of users (NIST, Role Based Access Control).

For example, in a hospital setting, doctors, nurses, and administrators would each have different roles with varying levels of access to patient records and medical systems. RBAC ensures that each role has the necessary permissions to perform their duties while preventing unauthorized access to sensitive information.

ATTRIBUTE-BASED ACCESS CONTROL (ABAC): FINE -GRAINED CONTROL

Attribute-Based Access Control (ABAC) takes a more granular and dynamic approach to authorization. It considers various attributes of the user, the resource being accessed, and the environmental context to make access decisions (Gartner, Attribute-Based Access Control (ABAC)). These attributes can include user identity, device type, location, time of day, and even the sensitivity of the data being accessed.

ABAC’s flexibility allows for fine-grained control over access, enabling organizations to implement complex security policies that adapt to changing circumstances. For instance, a company could use ABAC to restrict access to certain financial data to employees in the finance department who are accessing the system from a company-owned device during business hours.

OAUTH AND OPENID CONNECT: THIRD -PARTY AUTHORIZATION

In today’s interconnected digital landscape, many applications rely on third-party services to provide additional functionality or access to user data. OAuth and OpenID Connect are two protocols that enable secure authorization for these third-party applications (Auth0, OAuth 2.0 and OpenID Connect).

OAuth allows users to grant third-party applications limited access to their data without sharing their passwords. OpenID Connect builds upon OAuth, adding an identity layer that allows applications to verify the user’s identity and obtain basic profile information (okta, What is OpenID Connect?). These protocols are widely used by social media platforms, online retailers, and other web services to provide a seamless and secure user experience.

XACML: STANDARDIZED POLICY LANGUAGE

The eXtensible Access Control Markup Language (XACML) is a standard for expressing access control policies. It provides a common language for defining who can access what resources under what conditions (oasis-open, eXtensible Access Control Markup Language (XACML) Version 3.0).

XACML’s standardized approach simplifies the management of complex authorization policies across different systems and applications. It allows organizations to define policies once and apply them consistently, reducing the risk of errors and inconsistencies.

INTEGRATING ADVANCED AUTHENTICATION AND AUTHORIZATION

Integrating advanced authentication and authorization technologies into a cohesive enterprise security framework is crucial for maximizing their effectiveness. This involves centralizing identity management, streamlining user access, and adapting to the dynamic nature of modern IT environments.

IDENTITY AND ACCESS MANAGEMENT (IAM) SYSTEMS: THE CENTRAL HUB

Identity and Access Management (IAM) systems serve as the central hub for managing user identities, authentication, and authorization within an organization. These systems provide a unified view of users and their access rights, simplifying the administration of complex security policies (Okta, What is Identity and Access Management (IAM)?). IAM systems offer a range of benefits, including:
• Centralized User Management: Streamlining the creation, modification, and deletion of user
accounts.
• Automated Provisioning and Deprovisioning: Ensuring that users have the appropriate access rights when they join or leave the organization.
• Self-Service Password Reset: Empowering users to manage their passwords without relying on IT support.
• Auditing and Reporting: Tracking user activity and access attempts for compliance and security analysis.

By consolidating identity-related functions, IAM systems reduce the risk of errors and inconsistencies, improve operational efficiency, and enhance overall security posture.

SINGLE SIGN-ON (SSO): ONE LOGIN, MANY DOORS

Single Sign-On (SSO) is a user authentication process that permits users to enter one set of credentials to access multiple applications or systems (OneLogin, What is Single Sign-On (SSO)?). This eliminates the need for users to remember multiple usernames and passwords, improving their experience and productivity.
SSO solutions typically rely on protocols like Security Assertion Markup Language (SAML) or OpenID Connect to establish trust between the identity provider (IdP) and the service provider (SP) (Okta, What is SAML?). When a user logs in to the IdP, a token is generated that can be used to authenticate them to other applications without requiring them to re-enter their credentials.

CONTEXT-AWARE AUTHENTICATION AND AUTHORIZATION: ADAPTING TO THE SITUATION

Context-aware authentication and authorization take into account various contextual factors, such as the user’s location, device, network, and time of day, to make access decisions (PingIdentity, Context-Aware Authentication: What It Is & Why It’s Important).

This dynamic approach allows organizations to implement more granular and risk-based security policies. For example, a company might allow employees to access sensitive data from their office computers during business hours but restrict access from personal devices or outside the office network. Context-aware authentication can also trigger additional verification steps, such as MFA, if a user attempts to access a system from an unusual location or device.

By adapting to the specific circumstances of each access attempt, context-aware authentication and authorization can significantly enhance security while minimizing disruptions to legitimate users.

TROUBLESHOOTING AUTHENTICATION AND AUTHORIZATION ISSUES

Even with the most advanced security technologies, issues can arise that hinder access or compromise security. Troubleshooting authentication and authorization problems requires a systematic approach, the right tools, and clear communication.

COMMON AUTHENTICATION AND AUTHORIZATION PROBLEMS

Authentication and authorization issues can manifest in various ways, causing frustration for users and potential security risks for organizations. Some common problems include:
• Account Lockouts: Users may be locked out of their accounts due to repeated failed login attempts, indicating a potential brute-force attack or a forgotten password (Microsoft, Account lockout threshold).
• Incorrect Credentials: Users may enter the wrong username or password, either due to human error or a compromised account.
• Authentication Failures: Authentication systems may fail due to technical glitches, misconfigurations, or attacks on the authentication infrastructure.
• Authorization Errors: Users may be denied access to resources they should be authorized to access, indicating a problem with the authorization policy or its implementation.

TROUBLESHOOTING TOOLS AND TECHNIQUES

Troubleshooting authentication and authorization issues requires a combination of technical skills and investigative acumen. Some essential tools and techniques include:
• Log Analysis: Examining system logs can reveal valuable information about failed login attempts, authentication errors, and unauthorized access attempts (solarwinds, How to Analyze Log Files: A Complete Guide).
• Network Monitoring: Monitoring network traffic can help identify suspicious activity, such as unusual login patterns or attempts to access restricted resources (ManageEngine, Network Monitoring).
• Debugging Tools: Specialized debugging tools can be used to analyze authentication and authorization processes in detail, pinpointing the root cause of problems.

BEST PRACTICES FOR TROUBLESHOOTING

Effective troubleshooting requires a systematic approach and clear communication. Here are some best practices to follow:

1. Gather Information: Collect as much information as possible about the issue, including the affected users, systems, and timeframes.
2. Reproduce the Problem: If possible, try to reproduce the problem to gain a better understanding of its cause.
3. Analyze Logs and Data: Examine relevant logs and data to identify patterns and anomalies.
4. Isolate the Issue: Determine whether the problem is related to authentication, authorization, or other factors.
5. Test Solutions: Implement potential solutions in a controlled environment before applying them to production systems.
6. Document Findings: Keep detailed records of the troubleshooting process, including the steps taken and the results obtained.
7. Communicate Clearly: Keep affected users and stakeholders informed about the progress of the troubleshooting efforts and any potential impacts.

By following these best practices, organizations can quickly and effectively resolve authentication and authorization issues, minimizing disruptions and ensuring the security of their systems and data.

CASE STUDIES

Real-world examples illustrate the practical application and effectiveness of advanced authentication and authorization technologies in safeguarding enterprise security. These case studies highlight the challenges organizations face and the innovative solutions they implement to overcome them.

CASE STUDY 1: FINANCIAL SERVICES FIRM STRENGTHENS SECURITY WITH MFA AND BIOMETRICS

A leading financial services firm, recognizing the increasing sophistication of cyberattacks targeting its customer accounts, decided to bolster its authentication measures. The firm implemented a multi-factor authentication (MFA) solution that required users to provide a fingerprint scan in addition to their password when accessing sensitive financial data (Forbes, Biometric Authentication In Financial Services). This added layer of security significantly reduced the risk of unauthorized access, even in cases where passwords were compromised.

To further enhance security, the firm also introduced behavioral biometrics to monitor user interactions and detect anomalies that could indicate fraudulent activity. By analyzing patterns such as typing speed, mouse movements, and navigation behavior, the system could identify deviations from normal user behavior and trigger additional verification steps or alerts (BioCatch, Case Studies). This proactive approach helped the firm prevent several potential fraud attempts and protect its customers’ assets.

CASE STUDY 2: HEALTHCARE PROVIDER IMPLEMENTS RBAC AND CONTEXT -AWARE AUTHORIZATION

A large healthcare provider faced the challenge of managing access to sensitive patient data while ensuring that healthcare professionals had the necessary permissions to provide quality care. The provider implemented a role-based access control (RBAC) system that assigned permissions based on job roles, such as doctors, nurses, and administrators (ScienceDirect, Role-Based Access Control (RBAC) in Health Care Information Systems). This simplified the management of access rights and ensured that only authorized personnel could view or modify patient records.

To further refine access control, the provider adopted context-aware authorization, which considered factors like the user’s location, device, and time of day. For instance, access to certain medical records was restricted to specific hospital departments or during designated working hours. This granular approach to authorization helped the provider comply with strict healthcare regulations and protect patient privacy.

CASE STUDY 3: E -COMMERCE GIANT STREAMLINES USER EXPERIENCE WITH SSO AND OAUTH

A global e-commerce giant sought to improve the user experience on its platform while maintaining robust security. The company implemented single sign-on (SSO), allowing customers to log in once and access multiple services, such as shopping, order tracking, and customer support, without having to re-enter their credentials (OneLogin, 5 Single Sign-On (SSO) Examples). This streamlined the user journey and reduced friction, leading to increased customer satisfaction and engagement.

To enable secure access to third-party applications and services, the company adopted OAuth, allowing customers to grant these applications limited access to their data without sharing their passwords. This approach provided a secure and convenient way for customers to integrate their e-commerce accounts with other online services, such as social media platforms or payment providers.

These case studies demonstrate the transformative power of advanced authentication and authorization technologies in real-world scenarios. By embracing these technologies, organizations can strengthen security, improve user experience, and adapt to the evolving landscape of digital threats.

CONCLUSION

Advanced authentication and authorization technologies have become indispensable for safeguarding enterprise assets. As traditional methods like passwords and access control lists prove increasingly inadequate against sophisticated cyber threats, organizations must embrace these innovative solutions to protect their sensitive data and systems.

Advanced authentication technologies, such as multi-factor authentication (MFA), biometrics, certificate-based authentication, and behavioral biometrics, offer robust and user-friendly ways to verify identity, significantly reducing the risk of unauthorized access. MFA adds layers of security by requiring multiple credentials, while biometrics leverage unique physical or behavioral characteristics for verification. Certificate-based authentication establishes trust through digital certificates, and behavioral biometrics analyzes user patterns for continuous authentication.

Advanced authorization technologies, like role-based access control (RBAC) and attribute-based access control (ABAC), provide granular and dynamic control over access to resources. RBAC simplifies permissions management by assigning them to roles, while ABAC considers various attributes for fine-grained access decisions. OAuth and OpenID Connect enable secure authorization for third-party applications, and XACML provides a standardized language for expressing access control policies.

Integrating these technologies through identity and access management (IAM) systems and single sign-on (SSO) solutions streamlines user access and enhances security.

Context-aware authentication and authorization further adapt access decisions to specific situations, ensuring that the right entities have the right access at the right time.

While implementing and troubleshooting these technologies can be complex, the benefits they offer in terms of enhanced security and improved user experience are undeniable. Organizations must invest in ongoing research, development, and collaboration to stay ahead of emerging threats and leverage the full potential of advanced authentication and authorization technologies. By embracing these innovative solutions, businesses can fortify their defenses against cyberattacks, protect their valuable assets, and foster a secure and productive digital environment for their employees and customers. The future of enterprise security lies in the continuous evolution and adoption of advanced authentication and authorization technologies, ensuring that organizations remain resilient in the face of ever-changing threats.

BIBLIOGRAPHY

1. Auth0. “OAuth 2.0 and OpenID Connect.” AUTH0, https://auth0.com/docs/protocols/oauth2.
2. BioCatch. “Case Studies.” BIOCATCH, https://www.biocatch.com/resources/case-studies/.
3. BioCatch. “What is Behavioral Biometrics?” BIOCATCH, https://www.biocatch.com/behavioral-biometrics/.
4. Duo Security. “The Pros and Cons of Different 2FA Methods.” DUO SECURITY, https://duo.com/blog/the-pros-and-cons-of-different-2fa-methods.
5. Forbes. “Biometric Authentication In Financial Services.” FORBES, 2019, https://www.forbes.com/sites/forbestechcouncil/2019/08/22/biometric-authentication-in-financial-services/.
6. Gartner. “Attribute-Based Access Control (ABAC).” GARTNER, https://www.gartner.com/en/information-technology/glossary/attribute-based-access-control-abac.
7. Gartner. “Multifactor Authentication (MFA).” GARTNER, https://www.gartner.com/en/information-technology/glossary/multifactor-authentication-mfa.
8. Imperva. “Credential Stuffing Attacks.” IMPERVA, https://www.imperva.com/learn/application-security/credential-stuffing-attack/.
9. Kaspersky. “Brute-force Attack.” KASPERSKY, https://www.kaspersky.com/resource-center/definitions/brute-force-attack.
10. ManageEngine. “Network Monitoring.” MANAGEENGINE, https://www.manageengine.com/network-monitoring/.
11. Microsoft. “Account Lockout Threshold.” MICROSOFT LEARN, https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-threshold.
12. Microsoft. “How to Recognize Phishing Email.” MICROSOFT, https://support.microsoft.com/en-us/windows/how-to-recognize-phishing-email-0c7ea947-ba98-3bd9-7184-430e1f860a09.
13. National Institute of Standards and Technology (NIST). “Digital Identity Guidelines.” NIST, https://pages.nist.gov/800-63-3/sp800-63b.html.
14. National Institute of Standards and Technology (NIST). “Role Based Access Control.” NIST, https://csrc.nist.gov/glossary/term/role_based_access_control.
15. OASIS Open. “eXtensible Access Control Markup Language (XACML) Version 3.0.” OASIS OPEN, https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html.
16. Okta. “What Is Identity and Access Management (IAM)?” OKTA, https://www.okta.com/identity-101/what-is-identity-and-access-management/.
17. Okta. “What Is Multi-Factor Authentication (MFA)?” OKTA, https://www.okta.com/multifactor-authentication/.
18. Okta. “What is OpenID Connect?” OKTA, https://www.okta.com/openid-connect/.
19. Okta. “What is SAML?” OKTA, https://www.okta.com/saml/.
20. OneLogin. “5 Single Sign-On (SSO) Examples.” ONELOGIN, https://www.onelogin.com/learn/5-sso-examples.
21. OneLogin. “What is Single Sign-On (SSO)?” ONELOGIN, https://www.onelogin.com/learn/what-is-single-sign-on.
22. PingIdentity. “Context-Aware Authentication: What It Is & Why It’s Important.” PINGIDENTITY, https://www.pingidentity.com/en/company/blog/posts/2019/context-aware-authentication.html.
23. RSA. “What Is Certificate-Based Authentication (CBA)?” RSA, https://www.rsa.com/en-us/blog/rsa-securid-blog/what-is-certificate-based-authentication-cba.
24. ScienceDirect. “Role-Based Access Control (RBAC) in Health Care Information Systems.” SCIENCEDIRECT, https://www.sciencedirect.com/topics/computer-science/role-based-access-control.