Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
Developer Tutorial: WebAuthn for Web & FIDO2 for Android (FIDO Alliance)
This tutorial walks through how to build a website with simple re-authentication functionality using a fingerprint sensor. Re-authentication is a concept where a user signs into a website once, then authenticates again when they try to enter important sections of the website, come back after a certain interval, and so on, in order to protect the account. It also covers how to build an Android app with simple re-authentication functionality using a fingerprint sensor. "Re-authentication" is a concept where a user signs into an app once, then authenticates again when they come back to the app or try to access an important section of it.
WebAuthn and Security Keys = Unlocking the key to authentication by John Fontana, Yubico on behalf of Christiaan Brand at Google
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
Introduction to FIDO: A New Model for Authentication (FIDO Alliance)
An overview of FIDO authentication with a special section on government and policy. This was presented at the European Policy Forum by Jeremy Grant, managing director of The Chertoff Group.
The FIDO Alliance has launched the FIDO Device Onboard (FDO) protocol, a new, open IoT standard that enables devices to simply and securely onboard to cloud and on-premise management platforms. Through this standard, the FIDO Alliance addresses challenges of security, cost and complexity tied to IoT device deployment at scale. FIDO Device Onboard furthers the fundamental vision of the Alliance, which has brought together 250+ of the most influential and innovative companies and government agencies from around the world to address cyber security in order to eliminate data breaches, and enable secure online experiences.
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe (FIDO Alliance)
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
WebAuthn - The End of the Password As We Know It? (Thomas Konrad)
WebAuthn has been around for some time now, and it has quite some potential to shape the future of authentication. In this Meetup, we'll explore how it works and walk through a sample implementation. Questions we'll answer in this Meetup:
- What is WebAuthn?
- How exactly does it work?
- How is WebAuthn better than traditional password authentication?
- How can I implement WebAuthn for my web application?
- Is WebAuthn multi-factor authentication?
- What are the weaknesses and practical pitfalls?
- What about user and public key enumeration?
- Is WebAuthn also usable for computer logins and on smartphones?
- Does it have the potential to supersede password authentication?
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
Getting to Know the FIDO Specifications - Technical Tutorial (FIDO Alliance)
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
Overview of FIDO Security Requirements and Certifications (FIDO Alliance)
Overview of FIDO Security Requirements and Certifications by Laurence Lundblade, Docomo Innovations
- Presented at FIDO Seoul Public Seminar on December 5th, 2018
[WSO2Con USA 2018] Design and Implementation of the Veridium Authenticator: A... (WSO2)
This slide deck describes the Veridium Authenticator - a biometric federated authenticator - its design, implementation and customer deployments using WSO2 Identity Server in front of many service providers including GSuite, AWS, Dropbox, Office365, Citrix Netscaler, and Storefront.
Watch video: https://wso2.com/library/conference/2018/07/wso2con-usa-2018-design-and-implementation-of-the-veridium-authenticator/
[WSO2Con EU 2017] Building Smart, Connected Products with WSO2 IoT Platform (WSO2)
WSO2 IoT Platform is one of the most adaptive Apache licensed open source IoT platforms available today. This slide deck discusses best of breed technologies WSO2 IoT Platform offers for device manufacturers to develop connected products as well as rich integration and smart analytics capabilities for system integrators to adopt devices into systems they build.
apidays Paris 2022 - Securing APIs in Open Banking, Takashi Norimatsu, Hitachi (apidays)
December 14, 15 & 16, 2022
Securing APIs in Open Banking - FAPI and its implementation to OSS
Takashi Norimatsu, Senior Engineer at Hitachi, Ltd.
FIDO2 & Microsoft
1. FIDO2 & Microsoft
Anthony Nadalin, Microsoft
All Rights Reserved | FIDO Alliance | Copyright 2018
2. The Big Picture
STANDARDS, INTERACTIONS, INTEROPERABILITY
3. STANDARDS
▸ To understand how FIDO2 works, there are 2 specifications that define an abstraction layer that creates the ecosystem for strong authentication:
▸ Platform - Client to Authenticator Protocol (CTAP2)
▸ Specification lives at FIDO Alliance – status proposed standard
▸ Wire formats, data structures
▸ Web – Web Authentication API (WebAuthn)
▸ Specification lives at W3C – status proposed recommendation
▸ JavaScript API, wire formats, data structures
4. THE CAST OF CHARACTERS
▸ Relying Parties and Clients
▸ Relying Parties are web or native applications that consume strong authentication
▸ A Native Application running on a client device can also act as a WebAuthn client to make direct WebAuthn calls.
▸ A Web Application, the entity that consumes the authentication, cannot directly interact with the WebAuthn API and must “broker” through the browser
▸ Client Devices
▸ A client device is the hardware used for strong authentication
▸ Laptops, phones, dongles, etc.
5. THE CAST OF CHARACTERS
▸ Platform Authenticators
▸ Usually resident on a client device and can’t be accessed via cross-platform transport protocols like HID, NFC or BLE
▸ Built-in Laptops, fingerprint readers, facial recognition, etc.
▸ Roaming Authenticators
▸ Can connect to multiple client devices and interaction must be negotiated over a supported transport layer
▸ USB Security Keys, BLE enabled smartphone applications, or NFC proximity cards
▸ Can support CTAP1, CTAP2 or both protocols
▸ For a list of certified authenticators, see https://fidoalliance.org/certification/fido-certified-products/
6. FIDO CERTIFIED AUTHENTICATORS
7. THE CAST OF CHARACTERS
▸ CTAP2 Platform
▸ The part of the client device that negotiates with the Authenticator
▸ Responsible for origin of request and calling CTAP2/CBOR APIs
9. INTERACTIONS
▸ Many to Many
▸ Many relying parties and clients can interact with many authenticators on a single client device
▸ Users can install many browsers that support WebAuthn
▸ Chrome, Edge, Firefox
▸ Safari see https://bugs.webkit.org/show_bug.cgi?id=181943
▸ Have access to many authenticators
10. SAFARI ANNOUNCES FIDO TESTING
11. INTEROPERABILITY
▸ Before WebAuthn and CTAP2 there were U2F and CTAP1
▸ WebAuthn and CTAP2 were designed to be interoperable with CTAP1 Authenticators and U2F.
▸ Authenticators may support
▸ Keys for multiple accounts can be stored per relying party
▸ Client PIN
▸ Transactional Approval
▸ HMAC Secret (enables offline scenarios)
12. SO WHAT HAVE WE ACCOMPLISHED SO FAR
▸ Converged CTAP and WebAuthn
▸ Platforms have implemented: Windows, Mozilla, Chrome, Android
▸ Implementations of CTAP External authenticators exist
▸ Conducted several successful interop tests
▸ Q1 2019, critical use cases can be deployed ‘in the wild’ by any RP
13. ENABLED USE CASES
▸ 2nd factor authentication: User has a password, but it's not enough to sign in
▸ Standardized in FIDO and W3C
▸ Implemented by 3 browsers on Windows, Linux, ChromeOS, OS X, Android, iOS*
▸ Had several successful interops
▸ 1st factor authentication: User has no password
▸ Standardized in FIDO and W3C
▸ Implemented* by 2 browsers on Windows
14. POSSIBLE FUTURES
▸ Need to install custom app/binary for biometrics management
▸ → API to add/remove fingerprint etc. to authenticator
▸ No way to manage resident credentials
▸ → API to display, delete credentials on authenticator
▸ Enterprise features
▸ Forwarding FIDO authenticators (through RDP, VNC, SSH, etc)
▸ Using them for SSH access
▸ Individual attestation in enterprise contexts
▸ Minor tweaks
▸ Authenticators supplying their supported transports
16. IMPLEMENTATION
▸ 4 Years in the making
▸ Introduced idea of FIDO2 to FIDO Alliance in 2014
▸ Refined, improved, enhanced
▸ Windows 10 October Release
▸ Updated to use WebAuthn Candidate Release
▸ Updates to use CTAP2 Proposed Standard
17. MICROSOFT ACCOUNT
▸ Microsoft’s WebAuthn Relying Party
▸ Logon services for Xbox, Skype, Outlook and many other services
▸ Authenticators MUST have the following capabilities:
▸ Keys must be stored locally on the authenticator, not on a server in the cloud
▸ Offline scenarios must work (HMAC-secret)
▸ Users must be able to put keys for multiple user accounts on same authenticator
▸ Authenticators must be capable of unlocking a TPM with a client-PIN
▸ Microsoft Account will not accept CTAP1 (U2F)
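The capabilities listed on the Microsoft Account slide correspond to fields an authenticator advertises in its CTAP2 authenticatorGetInfo response, which uses the CBOR wire format mentioned on the Standards slide. The following is an added example, not code from the slides or from Microsoft: it decodes two constructed getInfo responses and reports which of the listed capabilities each one lacks. The mapping from slide requirement to getInfo field, the function names and the sample bytes are assumptions of this example.

```javascript
// Minimal CBOR decoder for the types a getInfo response uses here:
// unsigned ints, byte/text strings, arrays, maps, true/false.
function decodeCbor(bytes, pos = 0) {
  if (pos >= bytes.length) throw new Error("truncated CBOR");
  const head = bytes[pos++];
  const major = head >> 5;
  const info = head & 0x1f;
  if (major === 7) {
    if (info === 20) return [false, pos];
    if (info === 21) return [true, pos];
    throw new Error("unsupported simple value " + info);
  }
  let n = info; // values and lengths below 24 sit in the head byte
  if (info === 24) {
    if (pos >= bytes.length) throw new Error("truncated CBOR");
    n = bytes[pos++];
  } else if (info > 24) {
    throw new Error("unsupported length encoding");
  }
  switch (major) {
    case 0:
      return [n, pos];
    case 2:
    case 3: {
      const end = pos + n;
      if (end > bytes.length) throw new Error("truncated CBOR string");
      const chunk = bytes.subarray(pos, end);
      return [major === 3 ? new TextDecoder().decode(chunk) : chunk, end];
    }
    case 4: {
      const items = [];
      for (let i = 0; i < n; i++) {
        let v;
        [v, pos] = decodeCbor(bytes, pos);
        items.push(v);
      }
      return [items, pos];
    }
    case 5: {
      const map = new Map();
      for (let i = 0; i < n; i++) {
        let k, v;
        [k, pos] = decodeCbor(bytes, pos);
        [v, pos] = decodeCbor(bytes, pos);
        map.set(k, v);
      }
      return [map, pos];
    }
    default:
      throw new Error("unsupported CBOR major type " + major);
  }
}

// A CTAP2 response is one status byte (0x00 = success) followed by a CBOR map.
// getInfo keys: 1 = versions, 2 = extensions, 3 = aaguid, 4 = options.
function parseGetInfo(response) {
  if (response[0] !== 0x00) throw new Error("CTAP2 error status " + response[0]);
  const [map, end] = decodeCbor(response, 1);
  if (!(map instanceof Map) || end !== response.length) throw new Error("malformed getInfo");
  return {
    versions: map.get(1) ?? [],
    extensions: map.get(2) ?? [],
    options: map.get(4) ?? new Map(),
  };
}

// Returns the slide's requirements that the authenticator does not advertise.
// Assumption: this field mapping is the example's own, not Microsoft's check.
function unmetRequirements(info) {
  const unmet = [];
  if (!info.versions.includes("FIDO_2_0")) unmet.push("CTAP2 support");
  if (info.options.get("rk") !== true) unmet.push("resident keys");
  if (!info.extensions.includes("hmac-secret")) unmet.push("hmac-secret");
  // clientPin present (true = PIN set, false = not yet set) means PIN-capable.
  if (!info.options.has("clientPin")) unmet.push("client PIN");
  return unmet;
}

// Constructed sample responses (not captured from real devices).
const txt = (s) => [0x60 + s.length, ...new TextEncoder().encode(s)]; // short text string
const AAGUID = [0x50, ...new Array(16).fill(0)]; // 16-byte placeholder AAGUID
const SAMPLE_FULL = Uint8Array.from([
  0x00, 0xa4, 0x01, 0x82, ...txt("FIDO_2_0"), ...txt("U2F_V2"), 0x02, 0x81, ...txt("hmac-secret"),
  0x03, ...AAGUID, 0x04, 0xa3, ...txt("rk"), 0xf5, ...txt("up"), 0xf5, ...txt("clientPin"), 0xf4,
]);
const SAMPLE_LIMITED = Uint8Array.from([
  0x00, 0xa3, 0x01, 0x81, ...txt("FIDO_2_0"), 0x03, ...AAGUID, 0x04, 0xa2, ...txt("rk"), 0xf4, ...txt("up"), 0xf5,
]);

console.log(unmetRequirements(parseGetInfo(SAMPLE_FULL)), unmetRequirements(parseGetInfo(SAMPLE_LIMITED)));
```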
18. MICROSOFT EDGE
▸ Microsoft’s WebAuthn Client
▸ Edge can handle the User Interface for WebAuthn and CTAP2
▸ Support AppID for interacting with CTAP1 and CTAP2 Authenticators
▸ Supports creation and usage of U2F and FIDO2 Authentication
▸ Does NOT support CTAP1 protocol
▸ Relying Parties MUST use WebAuthn
▸ Edge on Android does NOT support WebAuthn as of now
▸ See https://docs.microsoft.com/en-us/microsoft-edge/dev-guide/windows-integration/web-authentication
20. WINDOWS 10
▸ Microsoft’s WebAuthn Platform
▸ Win32 Platform WebAuthn APIs that enable clients to interact with Windows Hello