By including environment information in a
security policy, a security architecture advantageously allows temporal, locational,
connection type and / or
client capabilities-related information to affect the sufficiency of a given credential type (and associated
authentication scheme) for access to a particular
information resource. In some configurations, time of access, originating location (physical or network) and / or
connection type form a
risk profile that can be factored into credential type sufficiency. In some configurations, changing environmental parameters may cause a previously sufficient credential to become insufficient. Alternatively, an authenticated credential previously insufficient for access at a given
trust level may be sufficient based on a changed or more fully parameterized session environment. In some configurations, the use of session tracking facilites (e.g., the information content of session tokens) can be tailored to environmental parameters (e.g.,
connection type or location). Similarly, capabilities of a particular
client entity (e.g., browser support for 128-bit
cipher or availablity of a
fingerprint scanner or
card reader) may affect the availability or sufficiency of particular
authentication schemes to achieve a desired
trust level.