

Risk Scores and Confidence Levels Compared

Although a risk score and a confidence level both help to ensure that a transaction is safe, the two values differ. Consider the following differences when planning for authorization decisions:

CA Arcot Risk Score

  A risk score is represented by a numeric scale 0–100.

  The lower the risk score, the greater the chance that the transaction is safe.

SiteMinder Confidence Level

  A confidence level is represented by a numeric scale 0–1000.

  The higher the confidence level, the greater the chance that the transaction is safe.

Note: A value of zero (0) represents no confidence and results in SiteMinder denying access to the requested resource.

The following example workflow details the inverse relationship between a risk score and a confidence level:

  1. A user requests a SiteMinder protected resource and is forwarded to CA Arcot for authentication.
  2. The Adapter guides the user through authentication and risk analysis. Based on the CA Arcot evaluation and scoring rules, the user is authenticated with a risk score of 30. The lower risk score is representative of a safe transaction.

    Note: For more information about risk evaluation and scoring rules, see the CA Arcot RiskFort Administration Guide.

  3. The Adapter:
    1. Forwards the authentication decision to the Policy Server
    2. Converts the risk score to a confidence level using the following algebraic formula:
      (100 - risk score) * 10 = confidence level
      

      In this example, the Adapter converts the risk score to a confidence level using the following:

      (100 - 30) * 10 = 700
      

      The higher confidence level is representative of a safe transaction.

  4. The Adapter inserts the confidence level into the user session ticket.
  5. The user requests a resource protected by a policy that requires a confidence level of at least 700.
  6. The Policy Server grants access to the resource.
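The conversion and policy check from the workflow above, as an added Python example that is not CA's code. It also inverts the formula so that a policy's minimum confidence level can be read back as the highest acceptable risk score. The function names are hypothetical, and the example assumes integer scores and rejects out-of-range values rather than clamping them.

```python
# Added illustration. Function names are hypothetical; they are not
# SiteMinder or CA Arcot APIs.

def risk_to_confidence(risk_score: int) -> int:
    """Apply the documented formula: (100 - risk score) * 10 = confidence level."""
    # Assumption: scores are integers. A value outside 0-100 is rejected,
    # not clamped, so a malformed score can never become a usable level.
    if isinstance(risk_score, bool) or not isinstance(risk_score, int):
        raise ValueError("risk score must be an integer")
    if not 0 <= risk_score <= 100:
        raise ValueError("risk score must be within 0-100")
    return (100 - risk_score) * 10


def max_risk_for_policy(min_confidence: int) -> int:
    """Highest risk score that still satisfies a policy's minimum confidence."""
    if not 0 <= min_confidence <= 1000:
        raise ValueError("confidence level must be within 0-1000")
    # Converted levels move in steps of 10, so round the requirement up
    # to the next step (ceiling division).
    steps = -(-min_confidence // 10)
    # Risk 100 converts to confidence 0, which is always denied, so the
    # ceiling is 99 even for a policy with no minimum.
    return min(99, 100 - steps)


def is_authorized(risk_score: int, min_confidence: int) -> bool:
    """Model the policy decision for a resource requiring min_confidence."""
    try:
        confidence = risk_to_confidence(risk_score)
    except ValueError:
        return False  # fail closed on an unusable score (assumption)
    if confidence == 0:
        return False  # zero means no confidence: access is denied
    return confidence >= min_confidence


if __name__ == "__main__":
    # Constructed sample scores around the page's example (risk 30, policy 700).
    for risk in (0, 30, 31, 100, 130):
        print(risk, is_authorized(risk, 700))
    print("max risk for a 700 policy:", max_risk_for_policy(700))
```

A one-point change in risk score moves the confidence level by 10, so a policy minimum that is not a multiple of 10 behaves like the next multiple of 10 above it.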

More information:

Locate the CA Arcot Documentation

CA Arcot Integration Use Cases

The following use cases detail how you can integrate SiteMinder with CA Arcot strong authentication and risk evaluation. The use cases begin with a simple integration and progress into more complex scenarios.