CReDo Phase 2: Multi Factor Authentication implementation



The Science and Technology Facilities Council (STFC) is a key partner in the CReDo project (Climate Resilience Demonstrator) and has played a central role in designing and providing the security infrastructure that enables data sharing between the project partners.

This document provides a high-level overview of the Multi-Factor Authentication (MFA) enabled proxy developed for CReDo phase 2, the landing application, and the technology supporting them.

The MFA solution deployed in this second phase of the CReDo project follows the Authentication Factors Principle (AFP), which states that any authentication factor should fall into one of the following three categories:

· Knowledge: things a user knows (e.g., a password).
· Possession: things a user has (e.g., a phone).
· Inherence: things a user is (e.g., a fingerprint).

To design a solution that is genuinely secure, it is essential to combine two or more authentication methods drawn from different categories. The current CReDo solution uses a password (knowledge) and phone-based one-time passcodes (possession), which reduces the chance of an attacker gaining access to an account.

This solution is a key and novel aspect of the CReDo security setup. The Identity and Access Management (IAM) system enables Single Sign-On (SSO) for both a website portal and an SSH Linux terminal, with Multi-Factor Authentication (MFA) required for each. Unlike conventional SSH access, which requires a separate identity, STFC's novel use of OpenID Connect's device code flow lets users authenticate in the Linux terminal with the same IAM SSO identity they use for the web portal. This removes the need for separate identities for website and SSH access and allows a centralized Role-Based Access Control (RBAC) system to be established, streamlining administrative tasks. The solution offers developers a single login, permits real-time permission management, and gives administrators control over user access and permissions across both the web portal and the Linux terminal.
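The device code flow referred to above, shown as an added simulation of the OAuth 2.0 / OpenID Connect device authorization grant (RFC 8628) with both sides of the exchange in one file. This is not STFC's or CReDo's code; the identity provider, the terminal client, the verification URI and the user and client names are all assumptions made for the illustration. The point it makes is that the terminal never handles the password or one-time code: it only polls with its device code, while both factors are checked by the web identity provider's ordinary SSO login.

```python
"""Simulation of the RFC 8628 device authorization grant as used to log an SSH
terminal session in against a web identity provider that enforces MFA.
Added illustration only: not STFC's or CReDo's code, no real endpoints, and
every name (idp.example, ssh-login, alice) is hypothetical."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass
class DeviceAuth:
    """One pending device-login request held by the identity provider."""
    device_code: str            # secret, known only to the polling terminal
    user_code: str              # short code the human types into the browser
    client_id: str
    expires_at: float
    interval: int               # minimum seconds between polls
    approved_sub: Optional[str] = None
    denied: bool = False
    last_poll: float = float("-inf")


class AuthorizationServer:
    """Hypothetical IdP: device endpoint, browser verification step, token endpoint."""

    def __init__(self, interval: int = 5, lifetime: int = 600,
                 clock: Callable[[], float] = time.time):
        self.interval, self.lifetime, self.clock = interval, lifetime, clock
        self.by_device: Dict[str, DeviceAuth] = {}
        self.by_user_code: Dict[str, DeviceAuth] = {}

    def device_authorization(self, client_id: str) -> dict:
        """RFC 8628 s3.2 response: the two codes, where to go and how often to poll."""
        req = DeviceAuth(
            device_code=secrets.token_urlsafe(32),
            user_code="%04X-%04X" % (secrets.randbelow(1 << 16), secrets.randbelow(1 << 16)),
            client_id=client_id, expires_at=self.clock() + self.lifetime, interval=self.interval)
        self.by_device[req.device_code] = req
        self.by_user_code[req.user_code] = req
        return {"device_code": req.device_code, "user_code": req.user_code,
                "verification_uri": "https://idp.example/device",   # hypothetical
                "expires_in": self.lifetime, "interval": self.interval}

    def verify_user(self, user_code: str, sub: str, password_ok: bool, otp_ok: bool) -> bool:
        """Browser side: the IdP's normal SSO login, which requires BOTH factors
        (knowledge + possession) before the terminal's request is approved."""
        req = self.by_user_code.get(user_code)
        if req is None or self.clock() > req.expires_at:
            return False
        if password_ok and otp_ok:
            req.approved_sub = sub
        else:
            req.denied = True
        return req.approved_sub is not None

    def token(self, client_id: str, device_code: str) -> dict:
        """Token endpoint (s3.4/3.5): the terminal polls this with its device_code."""
        req = self.by_device.get(device_code)
        if req is None or req.client_id != client_id:
            return {"error": "invalid_grant"}
        now = self.clock()
        if now > req.expires_at:
            return {"error": "expired_token"}
        if now - req.last_poll < req.interval:
            req.last_poll = now
            req.interval += 5           # polled too fast: client must back off
            return {"error": "slow_down"}
        req.last_poll = now
        if req.denied:
            return {"error": "access_denied"}
        if req.approved_sub is None:
            return {"error": "authorization_pending"}
        del self.by_device[device_code]        # codes are single use
        del self.by_user_code[req.user_code]
        return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
                "sub": req.approved_sub}


class TerminalClient:
    """Hypothetical device client on the SSH login path; never sees password or OTP."""

    def __init__(self, server: AuthorizationServer, client_id: str,
                 clock: Callable[[], float], sleep: Callable[[float], None]):
        self.server, self.client_id, self.clock, self.sleep = server, client_id, clock, sleep
        self.events = []            # token-endpoint outcomes in order, for inspection

    def login(self, show_prompt: Callable[[str, str], None]) -> dict:
        resp = self.server.device_authorization(self.client_id)
        show_prompt(resp["verification_uri"], resp["user_code"])
        interval, deadline = resp["interval"], self.clock() + resp["expires_in"]
        while self.clock() < deadline:
            self.sleep(interval)
            tok = self.server.token(self.client_id, resp["device_code"])
            err = tok.get("error")
            self.events.append(err or "token")
            if err is None or err in ("access_denied", "expired_token", "invalid_grant"):
                return tok
            if err == "slow_down":
                interval += 5
        return {"error": "expired_token"}


class FakeClock:
    """Deterministic clock so the exchange can be replayed without real waiting."""
    def __init__(self, start: float = 1000.0):
        self.now, self.on_tick = start, None

    def time(self) -> float:
        return self.now

    def sleep(self, seconds: float) -> None:
        self.now += seconds
        if self.on_tick:
            self.on_tick(self.now)


def run_demo(password_ok: bool = True, otp_ok: bool = True, user_delay: float = 12.0) -> dict:
    """Replay one login; the user reaches the browser after `user_delay` seconds."""
    clock = FakeClock()
    server = AuthorizationServer(clock=clock.time)
    client = TerminalClient(server, "ssh-login", clock.time, clock.sleep)
    start = clock.now

    def show_prompt(uri: str, user_code: str) -> None:
        print(f"Open {uri} in a browser and enter code {user_code}")
        done = []

        def user_acts(now: float) -> None:      # the human, once they get round to it
            if not done and now - start >= user_delay:
                done.append(server.verify_user(user_code, "alice", password_ok, otp_ok))
        clock.on_tick = user_acts

    result = client.login(show_prompt)
    return {"result": result, "events": client.events}


if __name__ == "__main__":
    out = run_demo()
    print(out["events"], "->", out["result"].get("sub") or out["result"]["error"])
```

Running the file replays a successful login: two `authorization_pending` polls while the user is still at the browser, then a token bound to the same subject the web portal would issue. Calling `run_demo(otp_ok=False)` shows the failure path, where a correct password without the second factor yields `access_denied` at the terminal, and polling the token endpoint faster than the advertised interval yields `slow_down`.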

To learn more about how the CReDo team has designed and implemented this solution, please refer to this document.