Gluu publishes open source mobile phone authentication software to enable derived credentials
oxPush enables a person to receive an almost instantaneous out-of-band “mobile push” notification to enable any smart device to serve as the “something you have.”
December 17, 2013 – Austin, TX — Gluu announced today that development of its new open source mobile two-factor authentication app and server platform, oxPush, has been completed and is now available for enterprise use. oxPush is an Apache Cordova project, and is a single HTML5 page. Organizations can customize this page, and distribute their own branded app for authentication. Cordova can be deployed on Android, iOS, Windows and BlackBerry mobile platforms.
Gluu’s goal was to publish a free and customizable alternative to commercial authentication services. “Currently organizations present a very specific user experience for Web authentication. A similar amount of control is desirable for mobile authentication,” said Michael Schwartz, Gluu CEO. “An open source platform like oxPush makes it easier for an organization to implement the hooks to enable derived credentials by utilizing the mobile PKI and biometric capabilities of the device.”
Of the numerous commercial solutions available, many organizations are turning to mobile two-factor authentication (2FA) to augment their existing systems. An obvious choice, mobile two-factor authentication is appealing because of its user-friendly nature, economic cost structure and security effectiveness. However, despite acknowledged security concerns and high levels of account hacking and personal data theft, many organizations have been slow to adopt and implement stronger forms of authentication.
“We felt that an open source alternative to pay-per-user type two-factor authentication solutions would lower the barriers for more organizations to implement better security,” said Schwartz. “There is no license fee for passwords. And it may sound silly, but businesses are simply not used to the idea that they need to pay for authentication.”
oxPush is published under an MIT open source license, and the implementation script can be downloaded for free on the Gluu Federation GitHub account. After an organization implements oxPush, users will be prompted to download the application upon their first authentication attempt, bind their device with their account via a QR code snapshot, and then approve all subsequent authentication attempts via an out-of-band (OOB) push to their mobile phone.
oxPush, used with the Gluu Server, is a fully customizable, standards-based authentication and authorization solution that is designed to run “out-of-the-box” on your existing hardware or a dedicated cloud server provided by Gluu. View a complete list of current two-factor authentication solutions supported by the Gluu Server.
Gluu provides design, build, and operational services to organizations that want to deploy OX for mission-critical authentication and authorization. The “OX” open source project, maintained by Gluu, implements two profiles of OAuth 2.0: OpenID Connect for authentication and UMA for authorization. A subscription to the Gluu Server, Gluu’s flagship service, enables an organization to quickly deploy one or more OX instances for their Internet domain, on the IaaS platform of their choice, to enable single sign-on, multi-factor authentication, and web access management.