QUERY SYSTEM AND METHOD TO DETERMINE AUTHENTICATIN CAPABILITIES

摘要

A system, apparatus, method, and machine readable medium are described for determining the authentication capabilities. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

主权项

1. A machine-implemented method for authenticating a user over a network comprising:
receiving at a client device from an authentication server a policy identifying a set of acceptable authentication capabilities for authenticating a user of the client device over the network, the acceptable authentication capabilities including one or more acceptable authentication device types; determining at the client device a set of client authentication capabilities available on the client device, including one or more authentication devices available on the client device; filtering at the client device the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating the user of the client, the filtered set of one or more authentication capabilities including one or more acceptable authentication devices for performing authentication on the client device; and using the filtered set of one or more authentication capabilities to register the filtered set of one or more authentication capabilities, including the one or more acceptable authentication devices, with an authentication service and authenticate the user with the authentication service over the network.