SlideShare a Scribd company logo
1 of 112
Getting Started
With WebAuthn
An Overview and Example
Nick Steele
@codekaiju
$whoami
● Principal R&D Engineer
○ Duo Labs (part of Cisco)
● W3C Invited Expert
● Sometimes outdoorsy
“Good security is not about what
you can prevent, but what you
can enable”
WebAuthn is a unicorn; it decreases
user friction and increases security.
Workshop Overview
● Setting up the code (5 Minutes)
● Introduction (10 Minutes)
● Credential Requests and Responses (15 - 20 Minutes)
● Unpacking Credential Responses (10 Minutes)
● Basic Validation Steps (15 Minutes)
● Ongoing Development (10 Minutes)
○ Resident Keys (Passwordless and… Username-less?)
○ Account Recovery
● Q&A (Remaining Time)
Key Takeaways
● High level understanding of the WebAuthn specification and terminology
● How WebAuthn registration and login requests are structured and why
● How to parse and validate Credential Responses
● What attestation is and when to handle it
● How WebAuthn and FIDO2 Authentication make a more secure web
Code Setup
We’re using webauthn.io
( Disclosure: I made it! With the help of many people! )
Software Requirements
Recommended Browsers
2 Libraries
Core Library
$ git clone https://github.com/duo-labs/webauthn.git
If you want to use Go
$ go get github.com/duo-labs/webauthn.io
$ cd $GOPATH/src/github.com/duo-labs/webauthn.io
$ go build -i; ./webauthn.io
If you want to use Docker
$ git clone https://github.com/duo-labs/webauthn.io.git
$ cd webauthn.io
$ docker build -t webauthn.io .
$ docker run --rm -p 9005:9005 webauthn.io
If you just want to follow along
$docker run --rm -p 9005:9005 duolabs/webauthn.io
http://localhost:9005
## Docker
$git clone https://github.com/duo-labs/webauthn.io.git
$cd webauthn.io
$docker build -t webauthn.io .
$docker run --rm -p 9005:9005 webauthn.io
## Golang
$go get github.com/duo-labs/webauthn.io
$cd $GOPATH/src/github.com/duo-labs/webauthn.io
$go build -i; ./webauthn.io
## Just the web app
$ docker run --rm -p 9005:9005 duolabs/webauthn.io
If you’re busy installing the requirements still...
Just go to webauthn.io
Introduction
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
“In the beginning the Password was created.
This has made a lot of people very angry and
been widely regarded as a bad move.”
- Douglas Adams, kinda
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
81% of breaches leveraged
either stolen and/or weak
passwords.
Source: 2017 Verizon Data Breach Investigations Report
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
“Kind of a nightmare...”
- The guy who invented it RIP
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
But we keep using them.
In fact, let’s use them
more.
CONFIDENTIAL INFORMATION PROPERTY OF DUO SECURITY, INC.
“The average… user has over
107 accounts registered to one
email address… In 2020, the
average number of accounts per
internet user will be 207”
- Dashlane, 2015
Guess the best solution is to buy a
password manager, right?
Definitely not get rid of passwords...
WebAuthn
WebAuthn is a JavaScript API. It defines
two methods, create and get, that can
be used to register and assert ownership of
credential key pairs for a given website.
● Developed by W3C and The FIDO Alliance
○ Includes companies like Google, Microsoft, Mozilla, Paypal, IBM, Yubico, and
Duo!
● Became a publicly recommended standard in March 2019
● Developed in part as a improvement upon the U2F standard
○ But includes many additional features and abilities
Introduction: WebAuthn
● It allows for the creation of strong, attested, and scoped
credentials.
● The credentials are public and private key pairs
● Created with cryptographically strong and sound math.
● The authenticator can attest that it created a credential
● The credential is scoped for a single website
Introduction: WebAuthn
Introduction: Terms
Authenticator Client Relying Party
WebAuthnCTAP2
Introduction: Terms
Authenticator Client Relying Party
Introduction: Terms
CTAP1👏 IS 👏 U2F
WebAuthnCTAP2
FIDO2 Authentication
Introduction: Terms
Registration
ex.com
“Create an account for ex.com”
Registration
ex.com
“Here is some data and a list of
parameters the credential should
have”
Registration
“Given these options, try making a Credential”
Registration
PublicKeyCredential
Registration
ex.com
JSON(PublicKeyCredential)
Registration
ex.com
“The data I sent you is signed correctly and you
followed my options!”
Registration
ex.com
+ ID
Login (Assertion)
ex.com
“Log me in to ex.com”
Login (Assertion)
ex.com
ID
“Assert that you own the private key for this
credential with the given ID by signing this data”
Login (Assertion)
“Given these options and ID, prove you own it”
Login (Assertion)
PublicKeyCredential
Login (Assertion)
ex.com
JSON(PublicKeyCredential)
Login (Assertion)
ex.com
“This data is properly signed and proves you
own the private key”
Requests and
Responses
The Registration Request
ex.com
“Here is some data and a list of
parameters the credential should
have”
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
The Relying Party should
hand back a response that
looks like this
Credential Creation Options
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
These 3 are required, the
rest are optional but
recommended.
Credential Creation Options
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
● Generated by RP server-side.
● Helps prevent replay attacks
● Stored until the registration is
complete
○ As session data, in a DB, etc...
Challenge Parameter
webauthn/protocol/entities.go
type RelyingPartyEntity struct {
Name string // Organization Name most likely
Icon string // URL of a image/logo/avatar
ID string // usually the origin url (https://ex.com)
}
● Only the name is required
○ ID can be overridden
○ ex.com can create an account for
test.ex.com
○ not vice versa
● ID must have HTTPS
Relying Party Information
webauthn/protocol/entities.go
type UserEntity struct {
Name string // Readable name used by the RP
Icon string
DisplayName string // Readable name chosen by the user
ID []byte // The RP’s ID for the user.
}
● Name and ID are required
● Display Name is used for the
user’s notification
User Information
webauthn/protocol/options.go
type CredentialParameter struct {
Type string // Should be “public-key”
Algorithm string // A COSE Algorithm Identifier
}
● Only public-key is currently
defined as a type
● The algorithm field should be a
value defined in the IANA COSE
Registry
○ -7 for ES256, -257 for RS256, etc
Credential Parameters
webauthn/protocol/options.go
type AuthenticatorSelection struct {
// Attachment could be “platform” or “cross-platform”
AuthenticatorAttachment string
RequireResidentKey boolean // Should the key be Resident
// Should the user be verified?
// Can be “required”, “preferred”, or “discouraged”
UserVerificationRequiremnet string
}
● None are required
● User Verification defaults to
“preferred”
● Authentication attachment tells
us how it should be connected
○ “cross-platform” is “roaming”
○ “platform” is internal to the
device
● We’ll talk more about resident
keys later
Authenticator Selection
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
● The amount of time to allow the
authenticator/user to respond
● Not required by the client
○ May actually be overridden
● Uses milliseconds
● Recommend 60 seconds
○ That’s 60000 milliseconds!
Timeout Parameter
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
● Allows us to exclude an
authenticator if it contains a
credential described in this list
● This is helpful for registering
multiple authenticators
● We’ll talk more about the
CredentialDescriptor
object later.
Credential Exclusion List
webauthn/protocol/options.go
type PublicKeyCredentialCreationOptions struct {
Challenge Challenge
RelyingParty RelyingPartyEntity
User UserEntity
Parameters []CredentialParameter
AuthenticatorSelection AuthenticatorSelection
Timeout int
CredentialExcludeList []CredentialDescriptor
Attestation string
}
● Tells us if we want the
authenticator to attest the
credential
● Three conveyance types
○ Direct
○ Indirect
○ None
Attestation Conveyence
Registration Request
“Given these options, try making a Credential”
In JSON
Provided to
navigator.credentials.create()
Requested at line 105 in
webauthn.io/static/dist/js/webauthn.js
{
"challenge":"InlQbas7et/4C0DVVW9/4qzoz2NuyM9c=",
"rp": {
"name": "webauthn.io",
"id": "webauthn.io"
},
"user": {
"name": "testuser",
"displayName": "testuser",
"id": "9AUAAAAAAAAAAA=="
},
"pubKeyCredParams": [
{
"type": "public-key",
"alg": -7
},
...
],
"authenticatorSelection": {
"authenticatorAttachment": "platform",
"requireResidentKey": false,
"userVerification": "preferred"
},
"timeout": 60000,
"attestation": "direct"
}
Registration Request
Registration Request
PublicKeyCredential
Registration Response
ex.com
JSON(PublicKeyCredential)
In JSON
Provided from
navigator.credentials.create()
Returned at line 107 in
webauthn.io/static/dist/js/webauthn.js
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"attestationObject":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG..."
}
}
Registration Response
ex.com
“The data I sent you is signed correctly and you
followed my options!”
Registration Response
ex.com
+ ID
Registration Response
Side-note: Extensions
In JSON
Provided to
navigator.credentials.create()
{
// In your Registration Options
“extensions”: {
“loc” : “true”
}
// Will ask for the authenticators geo-loc
}
Registration Request
with Extensions
In JSON
If you have the results you have to
parse them with this function.
// I create a credential with the extension args
credential = navigator.credentials.create(options)
extensions = credential.getClientExtensionResults()
// extensions contains a map of extension IDs
keyed to their results.
Registration Response
with Extensions
Extensions
● Depending on the extension, can be requested at
registration, login, or both
● Extensions can require input/output from the client and/or
the authententicator
● Most helpful extension right now is probably the
AppID extension for login
○ Allows for retro-support of legacy FIDO APIs
Login Requests and Responses
Login (Assertion)
ex.com
ID
“Assert that you own the private key for this
credential with the given ID by signing this data”
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
The Relying Party should
hand back a response that
looks like this
Credential Assertion Options
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
● Challenge is the only
requirement!
○ Same structure as prior
Challenge Parameter
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
● Same as in Creation
Request
Timeout Parameter
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
● The URL of the RP
○ Can be inferred by client
Relying Party ID Attribute
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
● List of Credential
Descriptions to allow for
● Should contain the
credentials registered to
the user for an RP
Allowed Credential List
webauthn/protocol/options.go
type CredentialDescriptor struct {
Type string // Should be “public-key”
CredentialID []byte // Stored Credential ID
Transport []string // “usb”,“nfc”,“ble”,”internal”
// “lightning” transport added recently!
}
● Type will be “public-key”
● Credential ID is the stored ID
● What transports the
authenticator should use assert
the credential.
○ Internal should be used if the
authenticator is built in to the
device.
Credential Descriptor
webauthn/protocol/options.go
type PublicKeyCredentialRequestOptions struct {
Challenge Challenge
Timeout int
RelyingPartyId string
AllowedCredentials []CredentialDescriptor
UserVerification string
}
● Should the user be verified by
the authenticator?
○ Required
○ Preferred
○ Discouraged
● User Verification == “Human”
Verification
● Defaults to preferred
● If set to required, client will
exclude ineligible authenticators
User Verification Requirements
Login (Assertion)
“Given these options and ID, prove you own it”
In JSON
Provided to
navigator.credentials.get()
Requested at line 105 in
webauthn.io/static/dist/js/webauthn.js
{
"publicKey": {
"challenge": "DTea9k7tF9waXg0LTbOVOEvm0unHoo=",
"timeout": 60000,
"rpId": "webauthn.io",
"allowCredentials": [
{
"type": "public-key",
"id": "KWUeR0DoUAkpS5S3nHydoK..."
},
-- More Allowed Credentials -
-
{
"type": "public-key",
"id": "i7yvlHv0YMF3BK81VeqIdW..."
}
]
}
Assertion Request
Assertion Response
PublicKeyCredential
Assertion Response
ex.com
JSON(PublicKeyCredential)
In JSON
Provided from
navigator.credentials.get()
Returned at line 107 in
webauthn.io/static/dist/js/webauthn.js
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"authenticatorData":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG...",
"signature":"oASLKdlOMEIBaqs...",
"userHandle":"9AUAAAA...",
}
}
Assertion Response
In JSON
Provided from
navigator.credentials.get()
Returned at line 107 in
webauthn.io/static/dist/js/webauthn.js
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"authenticatorData":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG...",
"signature":"oASLKdlOMEIBaqs...",
"userHandle":"9AUAAAA...",
}
}
Assertion Response
Functions where we handle this data
● RequestNewCredential in webauthn.io/server/credential.go:17
○ Calls BeginRegistration in webauthn/webauthn/registration.go:19
● MakeNewCredential in webauthn.io/server/credential.go:66
○ Calls FinishRegistration in webauthn/webauthn/registration.go:105
● GetAssertion in webauthn.io/server/assertion.go:21
○ Calls BeginLogin in webauthn/webauthn/login.go:25
● MakeAssertion in webauthn.io/server/assertion.go:57
○ Calls FinishLogin in webauthn/webauthn/login.go:85
To Rebuild Your Code
## For Golang
## End the Go application (Ctrl-C)
$go run main.go
## For Docker
$docker down $DOCKER_ID // get ID with $docker ps
$docker build .
$docker run -p 9005:9005 --rm webauthn.io
Unpacking Responses
PublicKeyCredential
Registration
ex.com
JSON(PublicKeyCredential)
In JSON
Provided from
navigator.credentials.create()
Returned at line 107 in
webauthn.io/static/dist/js/webauthn.js
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"attestationObject":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG..."
}
}
Registration Response
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"attestationObject":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG..."
}
}
Registration Response
● Highlighted values contain all we
need
● URL Base 64 Encoded
● Parsed in webauthn/
○ webauthn/registration.go
○ protocol/credential.go
○ protocol/attestation.go
type CollectedClientData struct {
Type CeremonyType
Challenge string
Origin string
TokenBinding TokenBinding
}
Client Data
● Contains the type of event
(ceremony)
○ webauthn.create
○ Webauthn.get
● The initial challenge
● The origin URL
○ According to the authenticator
● Token binding helps us bind the
session
● But how do we trust it?
Attestation
protocol/attestation.go:56
Attestation and Attestation Objects
● Attestation Objects are packed in CBOR
○ Concise Binary Object Representation
● The Attestation Signature (most of the time) gives us proof
that the authenticator actually created the credential
● Up to the developer to check trust roots (with services like
FIDO’s Metadata Service)
● Read the spec or look in webauthn for instructions
Should I Handle or Request Attestation?
● Are you…
○ A bank?
○ A government agency?
○ Often attacked by nation states?
○ Excited to use the FIDO Metadata Service?
● If not, you probably don’t need to do attestation.
○ It depends on your threat model!
In JSON
Provided from
navigator.credentials.get()
Returned at line 107 in
webauthn.io/static/dist/js/webauthn.js
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"authenticatorData":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG...",
"signature":"oASLKdlOMEIBaqs...",
"userHandle":"9AUAAAA...",
}
}
Assertion Response
{
"id":"AOB4OhswadyGM0GHREg...",
"rawId":"AOB4OhswadyGM0GHREg...",
"type":"public-key",
"response":{
"authenticatorData":"o2NmbXRm...",
"clientDataJSON":"eyJjaGFsbG...",
"signature":"oASLKdlOMEIBaqs...",
"userHandle":"9AUAAAA...",
}
}
Assertion Response
● Client Data remains the same format
● Authenticator data instead of
Attestation data
● Signature != Attestation Signature
● Parsed in webauthn/
○ protocol/assertion.go:49
Credential Validation
Validation in 3 parts
1. Validate the data from the RP (Client Data)
○ Request Type, Request Origin, Challenge, etc
2. Validate the data from the Authenticator
○ Signature, Attestation data, AAGUID
3. Validate the credential
○ Public Key Format, Signature
Validation
● Check out the verification methods in webauthn/
○ protocol/credential.go
○ protocol/attestation.go
○ protocol/assertion.go
ex.com
+ ID
Completing Registration Validation
Looking Forward
Resident Key Handling
● Gaining stable implementation in browsers
● Allows for mapping an RP ID to a credential, rather than to
a credential ID. Could also maybe support key syncing.
● The key is stored either on the authenticator and the
mapping is stored by the browser client, or the key is stored
(wrapped) outside of the authenticator.
○ Supporting “Incognito” tabs is being discussed
Account Recovery
Three main genres of recovery:
1. Alternate Credentials/Authenticators
○ Enrollment of multiple authenticators
○ Potentially the syncing of a single credential
2. Mutually Trusted/Delegated Authorities
○ A group that the relying party trusts to authenticate the user
3. Tokens of Identity
○ A token symbolizing a trust relationship between user and an MTA
○ i.e. State/National ID (non-digital)
4. Byzantine Relationships
Account Recovery
● Current guidance focuses mostly on Multiple authenticator enrollment
● Other methods I recommend (threat model dependent)
○ Push Messaging (Like duo, krypton, okta)
○ Email
○ If you’re an enterprise, help desk support flow is critical!
○ Quick linking
● Don’t fall back to passwords!
Account Recovery Prevention
● Use the API to find out if you can enroll new authenticators and relay
this through UI/UX.
● Potentially use quick links to add mobile devices and vice versa, if threat
model allows for it.
● Invest in user education! Account recovery can be more expensive than
educating users, especially if you’re a consumer-facing company.
FIDO2 Account Recovery Resources
● GDWG, CDWG, and EDWG are all thinking about this. If you’re a Fido
Alliance member, check out their work!
● I recommend checking out the login.gov webinar available through Fido’s
Youtube Account.
● I’m here if you need help!
Questions?
Thank you!
Twitter: @codekaiju
nsteele@duo.com

More Related Content

What's hot

FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2Aaron Parecki
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect Nat Sakimura
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak Abhishek Koserwal
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuthleahculver
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 

What's hot (20)

OAuth
OAuthOAuth
OAuth
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications Overview
 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
An Introduction to OAuth 2
An Introduction to OAuth 2An Introduction to OAuth 2
An Introduction to OAuth 2
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
Building secure applications with keycloak
Building secure applications with keycloak Building secure applications with keycloak
Building secure applications with keycloak
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Implementing OAuth
Implementing OAuthImplementing OAuth
Implementing OAuth
 
FIDO Masterclass
FIDO MasterclassFIDO Masterclass
FIDO Masterclass
 
OAuth 2.0
OAuth 2.0OAuth 2.0
OAuth 2.0
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 

Similar to Getting Started With WebAuthn

Identity, Security and XML Web Services
Identity, Security and XML Web ServicesIdentity, Security and XML Web Services
Identity, Security and XML Web ServicesJorgen Thelin
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Netalsmola
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java ApplicationsStormpath
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerCheapSSLUSA
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key InfrastructureTheo Gravity
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationStormpath
 
CBSecurity 3 - Secure Your ColdBox Applications
CBSecurity 3 - Secure Your ColdBox ApplicationsCBSecurity 3 - Secure Your ColdBox Applications
CBSecurity 3 - Secure Your ColdBox ApplicationsOrtus Solutions, Corp
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Alliance
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfNordic APIs
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Gabriella Davis
 
RoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationRoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationErick Belluci Tedeschi
 
Security: Odoo Code Hardening
Security: Odoo Code HardeningSecurity: Odoo Code Hardening
Security: Odoo Code HardeningOdoo
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 :  Modern Authentication 101DDD Melbourne 2019 :  Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101Dasith Wijesiriwardena
 
Raising the dead to save the living
Raising the dead to save the livingRaising the dead to save the living
Raising the dead to save the livingJaredPeck
 
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...Techsylvania
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I thinkWim Godden
 

Similar to Getting Started With WebAuthn (20)

Identity, Security and XML Web Services
Identity, Security and XML Web ServicesIdentity, Security and XML Web Services
Identity, Security and XML Web Services
 
MongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day OneMongoDB World 2019: Securing Application Data from Day One
MongoDB World 2019: Securing Application Data from Day One
 
Top Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.NetTop Ten Tips For Tenacious Defense In Asp.Net
Top Ten Tips For Tenacious Defense In Asp.Net
 
Token Authentication for Java Applications
Token Authentication for Java ApplicationsToken Authentication for Java Applications
Token Authentication for Java Applications
 
Understanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets LayerUnderstanding Digital Certificates & Secure Sockets Layer
Understanding Digital Certificates & Secure Sockets Layer
 
Introduction to Public Key Infrastructure
Introduction to Public Key InfrastructureIntroduction to Public Key Infrastructure
Introduction to Public Key Infrastructure
 
Securing Web Applications with Token Authentication
Securing Web Applications with Token AuthenticationSecuring Web Applications with Token Authentication
Securing Web Applications with Token Authentication
 
CBSecurity 3 - Secure Your ColdBox Applications
CBSecurity 3 - Secure Your ColdBox ApplicationsCBSecurity 3 - Secure Your ColdBox Applications
CBSecurity 3 - Secure Your ColdBox Applications
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Distributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdfDistributed Authorization with Open Policy Agent.pdf
Distributed Authorization with Open Policy Agent.pdf
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
 
RoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs AuthorizationRoadSec 2017 - Trilha AppSec - APIs Authorization
RoadSec 2017 - Trilha AppSec - APIs Authorization
 
Security: Odoo Code Hardening
Security: Odoo Code HardeningSecurity: Odoo Code Hardening
Security: Odoo Code Hardening
 
Securing Applications
Securing ApplicationsSecuring Applications
Securing Applications
 
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
apidays Helsinki & North 2023 - API authorization with Open Policy Agent, And...
 
DDD Melbourne 2019 : Modern Authentication 101
DDD Melbourne 2019 :  Modern Authentication 101DDD Melbourne 2019 :  Modern Authentication 101
DDD Melbourne 2019 : Modern Authentication 101
 
Raising the dead to save the living
Raising the dead to save the livingRaising the dead to save the living
Raising the dead to save the living
 
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...
Ricardo Mendez, Technical Director Europe ,Samsung NEXT - Identity, Privacy a...
 
My app is secure... I think
My app is secure... I thinkMy app is secure... I think
My app is secure... I think
 

More from FIDO Alliance

ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxFIDO Alliance
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...FIDO Alliance
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptxFIDO Alliance
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxFIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Introducing FIDO Device Onboard (FDO)
Introducing  FIDO Device Onboard (FDO)Introducing  FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)FIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comFIDO Alliance
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案FIDO Alliance
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察FIDO Alliance
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへFIDO Alliance
 

More from FIDO Alliance (20)

ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Design Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptxDesign Guidelines for Passkeys 2024.pptx
Design Guidelines for Passkeys 2024.pptx
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...Hyatt driving innovation and exceptional customer experiences with FIDO passw...
Hyatt driving innovation and exceptional customer experiences with FIDO passw...
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider  Progress from Awareness to Implementation.pptxTales from a Passkey Provider  Progress from Awareness to Implementation.pptx
Tales from a Passkey Provider Progress from Awareness to Implementation.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Introducing FIDO Device Onboard (FDO)
Introducing  FIDO Device Onboard (FDO)Introducing  FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 

Recently uploaded

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxBEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxthusosetemere
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Gurusaastr
 
History of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathHistory of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathphntsoaki
 
"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXRMegan Campos
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityHung Le
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfMahamudul Hasan
 
Ready Set Go Children Sermon about Mark 16:15-20
Ready Set Go Children Sermon about Mark 16:15-20Ready Set Go Children Sermon about Mark 16:15-20
Ready Set Go Children Sermon about Mark 16:15-20rejz122017
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESfuthumetsaneliswa
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalFabian de Rijk
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESfuthumetsaneliswa
 
SaaStr Workshop Wednesdays - RevenueCat.pdf
SaaStr Workshop Wednesdays - RevenueCat.pdfSaaStr Workshop Wednesdays - RevenueCat.pdf
SaaStr Workshop Wednesdays - RevenueCat.pdfsaastr
 
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...Sosiaali- ja terveysministeriö / yleiset
 
Using AI to boost productivity for developers
Using AI to boost productivity for developersUsing AI to boost productivity for developers
Using AI to boost productivity for developersTeri Eyenike
 
Molecular docking- Laxman I. Nimbale.pptx
Molecular docking- Laxman  I. Nimbale.pptxMolecular docking- Laxman  I. Nimbale.pptx
Molecular docking- Laxman I. Nimbale.pptxluckynimbale8892
 
globalisation project report displayed overview
globalisation project report displayed overviewglobalisation project report displayed overview
globalisation project report displayed overviewasadzafar8520
 
2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdfNancy Goebel
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfSkillCertProExams
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...Kayode Fayemi
 

Recently uploaded (20)

BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptxBEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
BEAUTIFUL PLACES TO VISIT IN LESOTHO.pptx
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Guru
 
History of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth deathHistory of Morena Moshoeshoe birth death
History of Morena Moshoeshoe birth death
 
"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR"I hear you": Moving beyond empathy in UXR
"I hear you": Moving beyond empathy in UXR
 
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven CuriosityUnlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
Unlocking Exploration: Self-Motivated Agents Thrive on Memory-Driven Curiosity
 
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdfSOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
SOLID WASTE MANAGEMENT SYSTEM OF FENI PAURASHAVA, BANGLADESH.pdf
 
Ready Set Go Children Sermon about Mark 16:15-20
Ready Set Go Children Sermon about Mark 16:15-20Ready Set Go Children Sermon about Mark 16:15-20
Ready Set Go Children Sermon about Mark 16:15-20
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
 
Digital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of DrupalDigital collaboration with Microsoft 365 as extension of Drupal
Digital collaboration with Microsoft 365 as extension of Drupal
 
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINESBIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
BIG DEVELOPMENTS IN LESOTHO(DAMS & MINES
 
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait Cityin kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
in kuwait௹+918133066128....) @abortion pills for sale in Kuwait City
 
SaaStr Workshop Wednesdays - RevenueCat.pdf
SaaStr Workshop Wednesdays - RevenueCat.pdfSaaStr Workshop Wednesdays - RevenueCat.pdf
SaaStr Workshop Wednesdays - RevenueCat.pdf
 
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
 
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
Abortion Pills Fahaheel ௹+918133066128💬@ Safe and Effective Mifepristion and ...
 
Using AI to boost productivity for developers
Using AI to boost productivity for developersUsing AI to boost productivity for developers
Using AI to boost productivity for developers
 
Molecular docking- Laxman I. Nimbale.pptx
Molecular docking- Laxman  I. Nimbale.pptxMolecular docking- Laxman  I. Nimbale.pptx
Molecular docking- Laxman I. Nimbale.pptx
 
globalisation project report displayed overview
globalisation project report displayed overviewglobalisation project report displayed overview
globalisation project report displayed overview
 
2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdf
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...
 

Getting Started With WebAuthn

Editor's Notes

  1. My name is Nick Steele
  2. I’m a researcher with Duo Labs
  3. One of my colleagues once said this to me and it’s great
  4. https://w3c.github.io/webauthn/#iface-pkcredential
  5. https://w3c.github.io/webauthn/#iface-pkcredential
  6. https://w3c.github.io/webauthn/#iface-pkcredential
  7. https://w3c.github.io/webauthn/#iface-pkcredential
  8. https://w3c.github.io/webauthn/#iface-pkcredential