Direct Authentication (Hogg, Smith, Chong, Hollander, Kozaczynski, Brader, Delgado, Taylor, Wall, Slater, Imran, Cibraro, Cunningham)
How can a service verify the credentials provided by a consumer?
Some of the capabilities offered by a service may be intended for specific groups of consumers or may involve the transmission of sensitive data. Attackers that access this data could use it to compromise the service or the IT enterprise itself.
Service capabilities require that consumers provide credentials that can be authenticated against an identity store.
The service implementation is provided access to an identity store, allowing it to authenticate the consumer directly.
Consumers must provide credentials compatible with the service's authentication logic. This pattern may lead to multiple identity stores, resulting in extra governance burden.
By having the service authenticate consumer requests against an identity store, only safe consumers can access sensitive data and logic.