Authentication Strategy

Authentication is the procedure through which a user, device, or service (or application) provides sufficient credentials to satisfy the access requirements of another service, application, or system.

User Authentication Strategy:

· Prepare and plan for Strong User Authentication

· Educate line-of-business application owners to use standard OS and directory protocol authentication and avoid custom application authentication.

· Use a PKI product for the digital certificate service and an RMS product for the license service

· Keep password logon as a temporary authentication method for problematic road warriors

· Use Kerberos V5 as the authentication protocol

· Use smart card/PIN two-factor authentication, and evaluate USB tokens, wireless smart cards, biometrics, and TPM authentication

Application/Service Authentication Strategy:

· Use a managed password (a strong password that is changed by the application itself), hash, or software token for system accounts

· Evaluate TPM as a long-term solution for application/service authentication

Device Authentication Strategy:

· Use an EAP-TLS machine cert in conjunction with the user smart card cert for wireless LAN access

· Use Windows Vista (with the Network Access Protection feature on the server side) for wireless Corpnet LAN connections

· Use Windows Mobile 2005 (with software cert authentication) for wireless phone device email synchronization

· Evaluate TPM as a long-term solution for device authentication