  • Push Authentication is now recognized as a great way to easily authenticate users.
    • User identifies themselves
    • AM sends a Push Notification to the registered phone
    • User uses TouchId or Swipe to approve the authentication
    • User is logged in.
  • Customers now want to use a similar experience to approve a single transaction mid-session
    • User is authenticated
    • User wants to transfer funds, say, or more generally access a protected resource
    • User is sent a Push Authorization notification
    • User uses TouchId or Swipe to approve the transaction
    • Transaction takes place
    • Further approvals needed before resource can be accessed again (no replay possible)
  • AM 5.5 will deliver a new Transaction policy condition
    • It leverages the existing policy engine, which protects resources; the new Transaction condition is an environmental condition
    • It can be configured to use Authenticate to Realm, Chain, Tree, Module
    • So it is not restricted to Push Authz
  • When accessing a resource protected by a Transaction condition:
    • the policy evaluation returns advice ("can't access this now, but follow this advice to get access") which includes a transactionId that is used to limit approval to a single atomic access
    • the calling app needs to understand what to do with this advice. Agents-5 understand this for easy implementation.
    • the access is approved/denied and an audit entry is made
    • subsequent access requires further approval
  • Great solution for a single atomic access to a protected resource such as a financial API
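
The advice, approval and single-use flow described above can be modelled as a small state machine. This is an added example, not AM's API or code from the original page: the class, method names and the `ttl` expiry are assumptions made for illustration, and only the `transactionId` advice key comes from the text.

```python
import secrets
import time

class TransactionPolicy:
    """Toy decision point for the flow above (hypothetical names, not AM's API)."""

    def __init__(self, ttl=120):  # ttl (seconds) is an assumption, not from the page
        self.ttl, self.tx, self.audit = ttl, {}, []

    def evaluate(self, user, resource, transaction_id=None, now=None):
        now = time.time() if now is None else now
        t = self.tx.get(transaction_id)
        if (t and t["state"] == "APPROVED" and now <= t["expires"]
                and (t["user"], t["resource"]) == (user, resource)):
            t["state"] = "CONSUMED"  # burn on use: one atomic access only
            self.audit.append((user, resource, transaction_id, "ALLOW"))
            return {"allowed": True, "advice": None}
        # Deny, and return advice carrying a fresh, unguessable transactionId.
        new_id = secrets.token_urlsafe(16)
        self.tx[new_id] = {"user": user, "resource": resource,
                           "state": "CREATED", "expires": now + self.ttl}
        self.audit.append((user, resource, transaction_id, "DENY"))
        return {"allowed": False, "advice": {"transactionId": new_id}}

    def approve(self, user, transaction_id, now=None):
        """Called once the user passes the configured authentication (e.g. push)."""
        now = time.time() if now is None else now
        t = self.tx.get(transaction_id)
        if t and t["state"] == "CREATED" and t["user"] == user and now <= t["expires"]:
            t["state"] = "APPROVED"
            return True
        return False


def demo():
    """Constructed walk-through: advice, approval, one access, replay refused."""
    pdp = TransactionPolicy()
    first = pdp.evaluate("alice", "/api/transfer")         # denied, advice issued
    tx_id = first["advice"]["transactionId"]
    other_user = pdp.approve("bob", tx_id)                 # bound to alice
    approved = pdp.approve("alice", tx_id)
    access = pdp.evaluate("alice", "/api/transfer", tx_id)
    replay = pdp.evaluate("alice", "/api/transfer", tx_id)  # same id, already used
    return (first["allowed"], other_user, approved,
            access["allowed"], replay["allowed"])

if __name__ == "__main__":
    print(demo())
```

The replayed request is denied and receives new advice with a different `transactionId`, and each evaluation appends an entry to `audit`.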