Trabalho apresentado no âmbito do Mestrado em Engenharia Informática, como requisito parcial para obtenção do grau de Mestre em Engenharia InformáticaAuthentication systems, as available today, are inappropriate for the requirements of ubiquitous,
heterogeneous and large scale distributed systems. Some important limitations are: (i)
the use of weak or rigid authentication factors as principal’s identity proofs, (ii) non flexibility
to combine different authentication modes for dynamic and context-aware interaction criteria,
(iii) not being extensible models to integrate new or emergent pervasive authentication factors
and (iv) difficulty to manage the coexistence of multi-factor authentication proofs in a unified
single sign-on solution. The objective of this dissertation is the design, implementation and
experimental evaluation of a platform supporting multi-factor authentication services, as a contribution
to overcome the above limitations. The devised platform will provide a uniform and
flexible authentication base for multi-factor authentication requirements and context-aware authentication
modes for ubiquitous applications and services. The main contribution is focused
on the design and implementation of an extensible authentication framework model, integrating
classic as well as new pervasive authentication factors that can be composed for different
context-aware dynamic requirements. Flexibility criteria are addressed by the establishment of a
unified authentication back-end, supporting authentication modes as defined processes and rules
expressed in a SAML based declarative markup language. The authentication base supports an
extended single sign-on system that can be dynamically tailored for multi-factor authentication
policies, considering large scale distributed applications and according with ubiquitous interaction
needs