The concept of authentication hasbeen around for a long time in many forms. For example duediligence in commerce has traditionally been formalized todetermine whether the data presented in commercialpropositions are accurate and comprehensive. With theemergence of e-commerce the concept of authentication hasencompassed new realities that are a feature of therelatively narrow avenues for information and potentiallyhigh risks inherent in an online environment. This paperseeks to provide an understanding about the different waysof assuring authentication. These authentication rules andtools including for example public key infrastructure (PKI)are sometimes meant to set a legal and technologicalframework for trustworthy electronic transactions, promotinge-procurement, e-commerce, e-business, and e-government. Thetwo considerations of business risk and legal validity areboth intrinsic to the concept of authentication. This reportexplores the issues and solutions affecting the concept ofauthentication in terms of legislation, management andtechnology. This report finds that for online authenticationthings is not always what they may seem and that legislationand technology alone cannot build a trust environment and,if misunderstood, may produce a high risk illusion. It iscrucial that the limitations and fallibility of thetechnology be explicit in its commercial applications andthat business risks be managed accordingly.
PDF
download
878987797
028-85220240
