
Use Cases

• Consistently grant access privileges across software using different identity management systems, regardless of user authentication or identification.

• Integrate technologies like SAML 2.0, PIV cards, OAuth, and OpenID to provide first responders authorized access to federal information resources.

• Implement cross-organizational, anonymous authorization to reduce the attack surface of service-oriented architectures.

Identity Management

Navigate the identity management maze and alleviate the problems caused by password overwhelm.

Organizations and their users are drowning in usernames and passwords. Attacks against large password databases are becoming more common, putting user privacy and corporate or government assets at risk. When separate organizations collaborate by integrating their IT systems, the problem only gets worse. Technologies like OpenID, OAuth, and SAML might one day evolve into a solution that alleviates the very real inconvenience and risk, but in the meantime, how can your organization navigate the identity management problem and solution spaces? Galois' identity, authentication, and authorization experts have developed a set of technologies that might apply to your organization. If not, we can partner to identify or develop a solution that is right for you.

Mobile authentication using QR codes:
Animate Login

Animate Login replaces passwords with mobile phones and replaces typing passwords with scanning a barcode on that phone. Our approach links the user and browser session with the phone's Internet connection to send a long and complex shared secret to the website, proving the user's identity.


Building identity systems through account linking:
Open Science Grid

Galois is collaborating with Open Science Grid to provide authentication and authorization management and integration for science experiments that must interact with multiple, incompatible identity systems.


Anonymity in service-oriented architectures for potentially compromised environments:
Federated Search Manager

In service-oriented architectures (SOAs), components are eventually compromised, so levels of trust are set appropriately. Advanced attacks often gain access to a trusted component, and that infiltration is used as a launching point to escalate privileges. Anonymous authorization is a design principle that can be used to decrease the level of trust required and reduce the attack surface of SOAs. Our Federated Search Manager is a prototype implementation of a cross-organizational and anonymous authorization system.


Securely federate user identities across state and federal infrastructures:
Identity Federation

In collaboration with a government agency, Galois developed an architecture to securely federate user identities across state and federal infrastructures.