W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
All Rights Reserved | FIDO Alliance | Copyright 2018
FKWG
FIDO Technical Seminar
W3C - Web Authentication API
ETRI
김석현
2018. 07. 16
Overview
● Web Authentication API (FIDO2) usage scenarios
● Web Authentication API configuration, characteristics and attestation
● FIDO2 registration and authentication flows, and extensions
[Figure: architecture diagram. Labels: Relying Party (RP Client, RP Server, FIDO Server); User Agent (Browser, Platform, Platform Authenticator); Web Authentication API (JavaScript API); CTAP; Cross-Platform Authenticator]
AGENDA
1. Use Cases
2. Web Authentication API
Use Cases
1. Platform Authenticator
2. Cross-Platform Authenticator
Use Cases – Platform Authenticator
● User experience (Authentication - Any credential)
[Figure: browser mock-ups at https://example.com. Screen text: "Welcome to example.com", "Sign in"; "Sign in as: Alice / Bob"; "Please complete the authentication."; "Alice, authentication complete."]
● FIDO2 Service Requirements
○ Web pages (using web authentication API)
○ FIDO2 Server
Use Cases – Cross-Platform Authenticator
● User experience (Authentication - Any credential)
[Figure: browser mock-ups at https://example.com and a phone connected over CTAP. Browser text: "Welcome to example.com", "Sign in with your phone"; "Please complete this action on your phone."; "Alice, authentication complete." Phone text: "Sign in to example.com", "Sign in as: Alice / Bob", "Authorization gesture"]
● FIDO2 Service Requirements
○ Web pages (using web authentication API)
○ FIDO2 Server
○ Device (supporting CTAP-FIDO2 Authenticator)
Web Authentication API
1. WebAuthn API
2. Attestations
3. Registration
4. Authentication
5. Extensions
WebAuthn API 1/3
● WebAuthn API
○ The API lets a site register a public key credential scoped to that site through the web browser, and later authenticate with a registered credential.
○ (Registration) navigator.credentials.create()
○ (Authentication) navigator.credentials.get()
● PublicKeyCredential inherits from Credential
○ Credential is defined by the W3C Credential Management API, which covers all types of credentials
■ http://www.w3.org/TR/credential-management-1/
● Public key credentials, each scoped to a given Relying Party, are created and stored on an authenticator.
○ Each authenticator stores a credentials map, a map from (rpId, [userHandle]) to public key credential.
WebAuthn API 2/3
● PublicKeyCredential Interface
[SecureContext, Exposed=Window]
interface PublicKeyCredential : Credential
{
    [SameObject] readonly attribute ArrayBuffer rawId;
    [SameObject] readonly attribute AuthenticatorResponse response;
    AuthenticationExtensionsClientOutputs getClientExtensionResults();
};
○ id, type
■ These attributes are inherited from Credential.
○ rawId
■ This attribute returns the ArrayBuffer contained in the [[identifier]] internal slot.
○ response
■ (registration) AuthenticatorAttestationResponse
■ (authentication) AuthenticatorAssertionResponse
○ getClientExtensionResults()
■ This operation returns the value of [[clientExtensionsResults]].
WebAuthn API 3/3
● Platform (browser or OS)
○ Provides the contextual (channel) bindings of both the Relying Party and the client platform.
○ Constructs the CollectedClientData.
dictionary CollectedClientData
{
    required DOMString type;
    required DOMString challenge;
    required DOMString origin;
    TokenBinding tokenBinding;
};
[Figure: Browser → Authenticator: clientDataHash; Authenticator → Browser: Signature (clientDataHash); Browser → FIDO2 Server: clientDataJSON, Signature]
The clientDataHash is the SHA-256 hash of the serialized CollectedClientData (clientDataJSON).
Attestation statement format
● Packed Attestation
○ WebAuthn optimized attestation statement format.
○ It is implementable by authenticators with limited resources (e.g., secure elements).
● TPM Attestation
○ This attestation statement format is generally used by authenticators that use a Trusted Platform Module as their cryptographic engine.
● Android Key Attestation
○ When the authenticator in question is a platform-provided Authenticator on the Android "N" or later platform, the attestation statement is based on the Android Key attestation.
● Android SafetyNet Attestation
○ When the authenticator in question is a platform-provided Authenticator on certain Android platforms, the attestation statement is based on the SafetyNet API.
● FIDO U2F Attestation
○ Used by FIDO U2F authenticators, with the formats defined in the FIDO-U2F-Message-Formats specification.
● None Attestation
Attestation Object
[Figure: layout of the attestation object]
Attestation Object: "authData": … | "fmt": "packed" | "attStmt": …
Authentication Data: RP ID Hash | FLAGS | COUNTER | ATTESTED CRED. DATA | EXTENSIONS
Attested Cred. Data: AAGUID | L | CREDENTIAL ID | CREDENTIAL PUBLIC KEY
Attestation Statement (packed), if Basic or Attestation CA: "alg": … | "sig": … | "x5c": …
Attestation Statement (packed), if ECDAA: "alg": … | "sig": … | "ecdaaKeyId": …
● The basic requirement is that the authenticator can produce, for each credential public key, an attestation statement verifiable by the Relying Party.
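The authData byte layout named on this slide, as a parser a FIDO2 server could run before trusting any field (added example for Node.js, not code from the slides). The function names, the minimal CBOR decoder and the constructed sample bytes are assumptions of this example; the field sizes follow the WebAuthn specification.

```javascript
const crypto = require("node:crypto");

// Minimal CBOR decoder: integers, byte/text strings, arrays and maps with
// definite lengths only. Enough for a COSE_Key; anything else is rejected.
function cborDecode(buf, pos) {
  if (pos >= buf.length) throw new Error("CBOR item starts past end of buffer");
  const major = buf[pos] >> 5, info = buf[pos] & 0x1f;
  pos += 1;
  let arg;
  if (info < 24) arg = info;
  else if (info === 24) { arg = buf.readUInt8(pos); pos += 1; }
  else if (info === 25) { arg = buf.readUInt16BE(pos); pos += 2; }
  else if (info === 26) { arg = buf.readUInt32BE(pos); pos += 4; }
  else throw new Error("unsupported CBOR length encoding");
  if (major === 0) return { value: arg, end: pos };
  if (major === 1) return { value: -1 - arg, end: pos };
  if (major === 2 || major === 3) {
    if (pos + arg > buf.length) throw new Error("CBOR string overruns buffer");
    const bytes = buf.subarray(pos, pos + arg);
    return { value: major === 2 ? bytes : bytes.toString("utf8"), end: pos + arg };
  }
  if (major !== 4 && major !== 5) throw new Error("unsupported CBOR major type " + major);
  const out = major === 4 ? [] : new Map();
  for (let i = 0; i < arg; i++) {
    const first = cborDecode(buf, pos);
    pos = first.end;
    if (major === 4) { out.push(first.value); continue; }
    const second = cborDecode(buf, pos);
    out.set(first.value, second.value);
    pos = second.end;
  }
  return { value: out, end: pos };
}

// RP ID Hash (32) | FLAGS (1) | COUNTER (4) | ATTESTED CRED. DATA | EXTENSIONS
function parseAuthenticatorData(authData) {
  if (authData.length < 37) throw new Error("authData shorter than 37 bytes");
  const flags = authData[32];
  const out = {
    rpIdHash: authData.subarray(0, 32),
    userPresent: Boolean(flags & 0x01),
    userVerified: Boolean(flags & 0x04),
    hasAttestedCredentialData: Boolean(flags & 0x40),
    hasExtensions: Boolean(flags & 0x80),
    signCount: authData.readUInt32BE(33),
  };
  let pos = 37;
  if (out.hasAttestedCredentialData) {
    // AAGUID (16) | L (2, big-endian) | CREDENTIAL ID (L) | CREDENTIAL PUBLIC KEY (CBOR)
    if (authData.length < pos + 18) throw new Error("truncated attested credential data");
    out.aaguid = authData.subarray(pos, pos + 16).toString("hex");
    const idLen = authData.readUInt16BE(pos + 16);
    pos += 18;
    if (pos + idLen > authData.length) throw new Error("credential ID length overruns authData");
    out.credentialId = authData.subarray(pos, pos + idLen);
    const key = cborDecode(authData, pos + idLen);
    if (!(key.value instanceof Map)) throw new Error("credential public key is not a CBOR map");
    out.credentialPublicKey = key.value; // COSE_Key: 1=kty, 3=alg, -1=crv, -2=x, -3=y
    pos = key.end;
  }
  if (out.hasExtensions) {
    const ext = cborDecode(authData, pos);
    out.extensions = ext.value;
    pos = ext.end;
  }
  if (pos !== authData.length) throw new Error("trailing bytes after authData");
  return out;
}

// Constructed sample: flags UP|UV|AT, counter 0, placeholder AAGUID, credential ID
// and key coordinates (the coordinates are filler bytes, not a real curve point).
function buildSampleAuthData() {
  const idLen = Buffer.alloc(2);
  idLen.writeUInt16BE(20);
  return Buffer.concat([
    crypto.createHash("sha256").update("example.com").digest(),
    Buffer.from([0x45]), Buffer.from([0, 0, 0, 0]),
    Buffer.alloc(16, 0xaa), idLen, Buffer.alloc(20, 0x11),
    Buffer.from("a5010203262001215820", "hex"), Buffer.alloc(32, 0x22), // kty=EC2, alg=-7, crv=P-256, x
    Buffer.from("225820", "hex"), Buffer.alloc(32, 0x33),               // y
  ]);
}

console.log(parseAuthenticatorData(buildSampleAuthData()));
```

Authenticator extensions that carry CBOR booleans or floats are rejected by this decoder; a production server would use a complete CBOR library.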
Attestation type
● Attestation type in metadata statement
○ Basic Attestation (Basic full)
○ Self Attestation (Surrogate)
○ Attestation CA (Privacy CA)
○ Elliptic Curve based Direct Anonymous Attestation (ECDAA)
● AttestationConveyancePreference handled by platform
○ none, indirect, direct
Attestation trustworthiness
[Figure: attestation trust chain. Labels: Relying Party, User Agent, FIDO Server, Authenticator, Metadata Service, Root CA; "Issue Attestation Certificate", "Root CA Certificate"; Cert, PubKey, PriKey; "Attestation", "Authentication by RP"]
navigator.credentials.create() 1/2 and 2/2
if (!window.PublicKeyCredential) { /* Platform not capable. Handle error. */ }
var publicKey = {
  // The challenge must be produced by the server, see the Security Considerations
  challenge: new Uint8Array([21,31,105 /* 29 more random bytes generated by the server */]),
  // Relying Party:
  rp: {
    name: "ACME Corporation"
  },
  // User:
  user: {
    id: Uint8Array.from(window.atob("MIIBkzCCATigAwIBAjCCAZMwggE4oAMCAQIwggGTMII="), c=>c.charCodeAt(0)),
    name: "alex.p.mueller@example.com",
    displayName: "Alex P. Müller",
    icon: "https://pics.example.com/00/p/aBjjjpqPb.png"
  },
  // This Relying Party will accept either an ES256 or RS256 credential, but prefers an ES256 credential.
  pubKeyCredParams: [
    {
      type: "public-key",
      alg: -7 // "ES256" as registered in the IANA COSE Algorithms registry
    },
    {
      type: "public-key",
      alg: -257 // Value registered by this specification for "RS256"
    }
  ],
  timeout: 60000, // 1 minute
  excludeCredentials: [], // No exclude list of PKCredDescriptors
  extensions: {"loc": true} // Include location information in attestation
};
// Note: The following call will cause the authenticator to display UI.
navigator.credentials.create({ publicKey }).then(function (newCredentialInfo) {
  // Send new credential info to server for verification and registration.
}).catch(function (err) {
  // No acceptable authenticator or user refused consent. Handle appropriately.
});
Registration - Platform authenticator
if (!window.PublicKeyCredential) { /* Platform not capable of the API. Handle error. */ }
PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()
  .then(function (userIntent) {
    // If the user has affirmed willingness to register with RP using an available platform authenticator
    if (userIntent) {
      var publicKeyOptions = { /* Public key credential creation options. */};
      // Create and register credentials.
      return navigator.credentials.create({ "publicKey": publicKeyOptions });
    } else {
      // Record that the user does not intend to use a platform authenticator
      // and default the user to a password-based flow in the future.
    }
  }).then(function (newCredentialInfo) {
    // newCredentialInfo is undefined when the else branch above was taken.
    if (!newCredentialInfo) { return; }
    // Send new credential info to server for verification and registration.
  }).catch(function (err) {
    // Something went wrong. Handle appropriately.
  });
Authentication
● JavaScript API
○ navigator.credentials.get({"publicKey": PublicKeyCredentialRequestOptions})
dictionary PublicKeyCredentialRequestOptions
{
    required BufferSource challenge;
    unsigned long timeout;
    USVString rpId;
    sequence<PublicKeyCredentialDescriptor> allowCredentials = [];
    UserVerificationRequirement userVerification = "preferred";
    AuthenticationExtensionsClientInputs extensions;
};
AuthenticatorAssertionResponse
● This response contains a cryptographic signature proving possession of the credential private key, and optionally evidence of user consent to a specific transaction.
[SecureContext, Exposed=Window]
interface AuthenticatorAssertionResponse : AuthenticatorResponse
{
    [SameObject] readonly attribute ArrayBuffer authenticatorData;
    [SameObject] readonly attribute ArrayBuffer signature;
    [SameObject] readonly attribute ArrayBuffer? userHandle;
};
[SecureContext, Exposed=Window]
interface AuthenticatorResponse
{
    [SameObject] readonly attribute ArrayBuffer clientDataJSON;
};
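How a FIDO2 server can check these three fields, together with the CollectedClientData from the "WebAuthn API 3/3" slide (added example for Node.js, not code from the slides). The function names, the `expected` record and the sample authenticator are assumptions of this example; the "webauthn.get" type value and the signed-data layout follow the WebAuthn specification.

```javascript
const crypto = require("node:crypto");

const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// expected: { challenge: Buffer, origin, rpId, publicKey, storedSignCount, requireUserVerification }
function verifyAssertion(response, expected) {
  // 1. CollectedClientData ties the response to this ceremony and this origin.
  const clientData = JSON.parse(response.clientDataJSON.toString("utf8"));
  if (clientData.type !== "webauthn.get") throw new Error("wrong clientData type");
  const challenge = Buffer.from(String(clientData.challenge), "base64url");
  if (challenge.length !== expected.challenge.length ||
      !crypto.timingSafeEqual(challenge, expected.challenge)) {
    throw new Error("challenge mismatch");
  }
  if (clientData.origin !== expected.origin) throw new Error("origin mismatch");

  // 2. authenticatorData starts with rpIdHash (32) | flags (1) | signCount (4, big-endian).
  const authData = response.authenticatorData;
  if (authData.length < 37) throw new Error("authenticatorData too short");
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) throw new Error("rpIdHash mismatch");
  const flags = authData[32];
  if (!(flags & 0x01)) throw new Error("user not present");
  if (expected.requireUserVerification && !(flags & 0x04)) throw new Error("user not verified");
  const signCount = authData.readUInt32BE(33);

  // 3. The signature covers authenticatorData || clientDataHash,
  //    where clientDataHash = SHA-256(clientDataJSON).
  const signed = Buffer.concat([authData, sha256(response.clientDataJSON)]);
  if (!crypto.verify("sha256", signed, expected.publicKey, response.signature)) {
    throw new Error("bad signature");
  }

  // 4. A counter that fails to increase points to a cloned authenticator.
  if ((signCount !== 0 || expected.storedSignCount !== 0) &&
      signCount <= expected.storedSignCount) {
    throw new Error("signature counter did not increase");
  }
  return { signCount, userVerified: Boolean(flags & 0x04) };
}

// Constructed stand-in for browser plus authenticator; it only produces sample input.
function sampleAssertion(privateKey, { challenge, origin, rpId, signCount }) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin,
  }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(signCount);
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), counter]); // UP | UV
  const signature = crypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

function demo() {
  // prime256v1 is P-256, the curve used by ES256.
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  const expected = {
    challenge: crypto.randomBytes(32), origin: "https://example.com", rpId: "example.com",
    publicKey, storedSignCount: 7, requireUserVerification: true,
  };
  const outcome = (overrides) => {
    try {
      const r = sampleAssertion(privateKey, { ...expected, signCount: 8, ...overrides });
      return "ok, signCount=" + verifyAssertion(r, expected).signCount;
    } catch (e) { return e.message; }
  };
  return {
    valid: outcome({}),
    otherOrigin: outcome({ origin: "https://login.example.net" }),
    staleChallenge: outcome({ challenge: crypto.randomBytes(32) }),
    counterNotIncreased: outcome({ signCount: 7 }),
  };
}

console.log(demo());
```

The server must also discard the challenge after one use, so that a captured response cannot be submitted a second time.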
navigator.credentials.get() 1/3
● Any Credential
if (!window.PublicKeyCredential) { /* Platform not capable. Handle error. */ }
var options = {
  // The challenge must be produced by the server, see the Security Considerations
  challenge: new Uint8Array([4,101,15 /* 29 more random bytes generated by the server */]),
  timeout: 60000, // 1 minute
  // Empty list: any credential for this Relying Party is acceptable
  // (a descriptor without an id is rejected, since id is a required member).
  allowCredentials: []
};
navigator.credentials.get({ "publicKey": options })
  .then(function (assertion) {
    // Send assertion to server for verification
  }).catch(function (err) {
    // No acceptable credential or user refused consent. Handle appropriately.
  });
navigator.credentials.get() 2/3
● Credential Hint
if (!window.PublicKeyCredential) { /* Platform not capable. Handle error. */ }
var encoder = new TextEncoder();
var acceptableCredential1 = {
  type: "public-key",
  id: encoder.encode("!!!!!!!hi there!!!!!!!\n")
};
var acceptableCredential2 = {
  type: "public-key",
  id: encoder.encode("roses are red, violets are blue\n")
};
navigator.credentials.get() 3/3
● Credential Hint
if (!window.PublicKeyCredential) { /* Platform not capable. Handle error. */ }
var options = {
  // The challenge must be produced by the server, see the Security Considerations
  challenge: new Uint8Array([8,18,33 /* 29 more random bytes generated by the server */]),
  timeout: 60000, // 1 minute
  // acceptableCredential1 and acceptableCredential2 are defined on slide 2/3
  allowCredentials: [acceptableCredential1, acceptableCredential2],
  extensions: { 'txAuthSimple': "Wave your hands in the air like you just don’t care" }
};
navigator.credentials.get({ "publicKey": options })
  .then(function (assertion) {
    // Send assertion to server for verification
  }).catch(function (err) {
    // No acceptable credential or user refused consent. Handle appropriately.
  });
Extensions
● Extensions extend the mechanism for generating public key credentials and authentication assertions.
● Defined Extensions. The browser has the option to implement an extension or not, since this is a client extension.
○ FIDO AppID (appId)
■ This allows Relying Parties that have previously registered a credential using the legacy FIDO JavaScript APIs to request an assertion.
○ Simple Transaction Authorization (txAuthSimple)
○ Generic Transaction Authorization (txAuthGeneric)
○ Authenticator Selection (authnSel)
■ For Relying Parties that wish to tightly control the experience around credential creation.
○ Supported Extensions (exts)
○ User Verification Index (uvi)
■ This allows the detection and prevention of "friendly fraud".
○ Location (loc)
○ User Verification Method (uvm)
■ For multi-factor authentication (userVerification, keyProtection, matcherProtection)
○ Biometric Authenticator Performance Bounds (biometricPerfBounds)