Ping Identity kicked off the Cloud Identity Summit today with new tools to help embed multifactor authentication in applications and with news of an expanded Identity Defined Security Alliance (IDSA).
IDSA is a multivendor effort to help organizations deploy and manage identity technologies. Ping initially started the alliance as a way to identify best-in-class identity technologies that are interoperable. Today IDSA is adding CyberArk, F5, SailPoint and SecureAuth to its member roster, which already included Exabeam, Lieberman Software, Netskope, Optiv Security, ThreatMetrix and VMware.
“The idea behind IDSA is all about how to leverage identity to better enable security,” Andre Durand, CEO of Ping, told eWEEK.
A key goal for IDSA is to provide design patterns and best practices for identity deployment as well as to work across vendors to make product integration easier, Durand said.
PingID SDK
Also today, Ping Identity launched a new software development kit (SDK) in a bid to make it easier for developers to embed multifactor authentication (MFA) capabilities.
“We have had a mobile MFA product called PingID in the market for some time,” Durand said. “We started to get a lot of requests for PingID but not as a stand-alone app that could be downloaded, but rather for MFA functionality that could be embedded in a company’s own native app.”
The new PingID SDK answers customer demand for an embeddable MFA that can be built into other applications, providing strong authentication, he added. The PingID SDK can also be used as an authentication mechanism for approval—for example, a transaction that pushes a request to a phone for approval using biometric authentication such as Apple’s TouchID.
Pam Dingle, principal technical architect at Ping Identity, said the new SDK goes beyond the typical buzzwords associated with MFA.
“You can start to ask your users questions to help you to determine a security posture,” Dingle told eWEEK.
There are several common approaches in the market today for enabling MFA, including the FIDO Alliance’s U2F (Universal Second Factor) standards. Ping Identity is not using U2F, instead taking a different approach.
“The standard that we’re working toward is the OAuth Device Flow,” Dingle said.
The abstract of the OAuth Device Flow specification describes the flow this way: “… authorization flow for browserless and input constrained devices, often referred to as the device flow, enables OAuth clients to request user authorization from devices that have an Internet connection.”
OAuth Device Flow is different from the FIDO standards, according to Dingle. FIDO is really about communicating securely with different authenticators, she said. As such, the PingID SDK could potentially be used to communicate with a FIDO-standards-based authenticator.
“The PingID SDK is really about providing a secure messaging interaction,” she said.
Machine Learning
Looking forward, Ping Identity is building out technology that will embrace machine learning and artificial intelligence (AI) to further improve identity security.
In his Cloud Identity Summit keynote, Durand said the entire identity industry needs to do a better job of aggregating signals and applying intelligence to incoming data to make more informed decisions.
“We want to amass a set of signals around device and user behavior, including available authentication methods and mapping it all to the risk of what the user is doing,” he said. “In real time we want to help systems to make better access control decisions.”
Durand added that today there are various elements of intelligence present throughout the identity stack, but intelligence is not yet the centerpiece of a smart identity infrastructure.
“Unfortunately Ping doesn’t have an announcement in that space—but we will,” Durand said.