Thanks to my former publisher, Addison-Wesley nee-Pearson Education, I can post several chapters of my favorite writing project: Authentication: From Passwords to Public Keys. I’m including these chapters as material for the Cloud Cybersecurity course I’m doing at the University of Minnesota for Coursera.
The book was published in 2001, and it’s based on solid, well-documented technical concepts. Everything is sourced through the “Notes” and “Bibliography” sections. Authentication captures the 2001 technologies very thoroughly. For many people, that’s as much authentication technology as they ever see.
Today, there are far more sophisticated mechanisms for federated authentication (the book calls it “indirect authentication”) like OpenID and OAuth. While SAML existed back then, it wasn’t yet a common feature in technical products. Password managers were rare and much harder to use than today.
Here are the chapters. I’ve annotated the chapter titles below to better reflect their contents in modern terms.
- Table of Contents
- Chapter 1: The Authentication Landscape
- Chapter 9: One Time Password Devices (Authentication Tokens)
- Chapter 10: Challenge Response Passwords
- Chapter 12: Authentication with Crypto Tokens (Kerberos and Windows 2000)
- Chapter 13: Public Keys (and Off-Line Authentication)
- Chapter 14: Public Key Certificates
- Chapter Notes: discussion of sources I used
This material is all copyright Addison Wesley Longman 2002.