SlideShare a Scribd company logo
All Rights Reserved | FIDO Alliance | Copyright 20181
INTEGRATING
FIDO AUTHENTICATION
& FEDERATION PROTOCOLS
BEST PRACTICES FOR
ENTERPRISE DEPLOYMENT
AGENDA
• Does FIDO complement Federation?
• What are the benefits in pairing FIDO and Federation?
• How to integrate FIDO with modern Federation protocols?
All Rights Reserved | FIDO Alliance | Copyright 20182
What is FIDO?
Physical-to-digital identity
User Management
AUTHENTICATION
Federation
Single
Sign-On
Passwords SimpleStrong
FIDO Authentication
FIDO is an authentication protocol
FIDO is not a federation protocol
FIDO is not an authorization protocol
FIDO is not an identity standard
All Rights Reserved | FIDO Alliance | Copyright 20183
How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTY
Generic View
Authenticator
Architecture
All Rights Reserved | FIDO Alliance | Copyright 20184
How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTYGeneric View
Authenticator
Registration
Private attestation key
Private
authentication
key
Public
Authentication
key
All Rights Reserved | FIDO Alliance | Copyright 20185
How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTYGeneric View
Authenticator
(Signed) Response
Challenge
Require user gesture
before private key
can be used
Authentication
Private attestation key
Private
authentication
key
Public
Authentication
key
All Rights Reserved | FIDO Alliance | Copyright 20186
FIDO and User Identity
AuthenticatorUser verification FIDO Authentication
Same Authenticator
as registered before?
Same User as enrolled
before?
Identity proofing and binding done
outside FIDO
…
No user attributes
in FIDO server
No user attributes in
the Authenticator
All Rights Reserved | FIDO Alliance | Copyright 20187
RP 1
Authenticator
One Authenticator, Many Applications
Origin 1 Origin 2 Origin 1
Unique authn keys per RP
Isolation of authentication transactions
Account 2Account 1 Account 3 Account m
RP 2 RP n
………
Non-linkability
All Rights Reserved | FIDO Alliance | Copyright 20188
FIDO Benefits to the User
Reduce the burden of
remembering multiple passwords
Use a simple gesture for
authentication
Use one authenticator with
multiple applications
Biometric data is local
No secrets on the server
No linkability between RPs
All Rights Reserved | FIDO Alliance | Copyright 20189
Reduce the burden of using a
variety of two-factor
authentication form factors
Preserve user privacy
What Problems Does Federation Solve?
Without Federation,
Users have to:
Remember multiple passwords
Sign-in multiple times a day
Administrators have to manage:
Authentication policies,
Group permissions and
User accounts
Across multiple domains
Reduced productivity
Increased number help desk calls
Increased administration overhead
Increased security risks
All Rights Reserved | FIDO Alliance | Copyright 201810
How Federation Solves These Problems
All Rights Reserved | FIDO Alliance | Copyright 201811
RP
User
User
Authentication
Authenticated
Session
Identity Information
Three-Party Trust Relationship
IdPRP
RP
RP
Authentication
Statement
Identity
Source
Federation Benefits to End Users
RP
User
AuthenticationSession
Identity Information
Three-Party Trust Relationship
Users remember one password,
sign in once and access multiple
applications
IdPRP
RP
RP
All Rights Reserved | FIDO Alliance | Copyright 201812
Federation Benefits to Relying Parties
IdPRP
User
AuthenticationSession
Identity Information
Three-Party Trust Relationship
IdP
IdP
RPs move user identity to trusted
third-party authentication
authorities
All Rights Reserved | FIDO Alliance | Copyright 201813
Federation Benefits to Identity Providers
IdPRP
User
AuthenticationSingle-Sign On
Identity Information
Three-Party Trust Relationship
RP
RP
IdPs link user identity to multiple RPs
- Reduce security risk and administration overhead
- Enforce strong authentication and enable SSO
- Protect user identity attributes
All Rights Reserved | FIDO Alliance | Copyright 201814
The Downside of Federation
Users hate to use complex passwords for primary
authentication
Organizations have major concerns about password security
Stronger and more convenient authentication methods
are needed
All Rights Reserved | FIDO Alliance | Copyright 201815
FIDO is the Solution
All Rights Reserved | FIDO Alliance | Copyright 201816
How FIDO Deployment Complements
Federation
RP
Authentication
(FIDO-based)
Session
Identity Information
Redirect
IdP
FIDO Server
RP
RP
IdP Server
Browser w/
FIDO Client
Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201817
• Lower cost of ownership
• Lower security risks
• Lower help desk calls
• Increased productivityOne authenticator, one
credential for multiple RPs
No changes to RP
applications
User Environment
Relying Party
(Application or Service Provider)
Identity Provider
(e.g SAML IDP, OpenID Provider)
FIDO Server
User Agent
FIDO
Authenticator
FIDO
Client
1 Initial Sign-in or Step-up access
3. FIDO challenge/response
Federation Protocol
Federated Authentication Flow with FIDO
3. FIDO challenge/response
2. Authentication Request
4. Authentication Response indicating FIDO
All Rights Reserved | FIDO Alliance | Copyright 201818
How to Apply FIDO-based Authentication
Preconfigured IdP Authentication Policy
• Global or per-RP policy set in the IdP
Just-in-Time RP Authentication Policy
• Specified by RP in the authentication request using authn context class reference
• AuthnContextClassRef parameter in SAML
• Acr_values request parameter in OIDC
• IdP returns information indicating that FIDO-based auth was used
• Using AuthnContextClassRef in SAML
• Using acr and amr claims In ID Token in OIDC
All Rights Reserved | FIDO Alliance | Copyright 201819
Use AuthnContextClassRef in SAML for JIT
enforcement
Sa m ple SA ML Reques t
Sa m ple SA ML Res po ns e
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
…
<samlp:RequestedAuthnContext Comparison="exact">
...
<saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:MediumAssurance</saml:AuthnContextClassRef>
…
</samlp:RequestedAuthnContext>
…
</samlp:AuthnRequest>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ….
<saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z" …..
….
<saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO</saml:AuthnContextClassRef>
……
</saml:AuthnStatement>
…
</samlp:Response>
All Rights Reserved | FIDO Alliance | Copyright 201820
Use acr_values in OIDC for JIT
enforcement
Sample OIDC Request /Response
EndpointURI: https://tenant.server.example.com/oidc/auth
Http Parameters: {
response_type: id_token,
client_id: rp_client,
response_mode: query,
redirect_uri: https://rp.example.com/oidc-rp/,
scope: openid,
……
acr_values: phr phrh mfa
RedirectURI: https://rp.example.com/oidc-rp/
Http Parameters: {
…….
'id_token' content:
{
"auth_time":1490898779,
"exp":1490899139,
"sub":"someone@example.com",
…….
"iss":" https://tenant.server.example.com/oidc-fe",
"iat":1490898779,
"acr":“phrh",
"amr":[“hwk"]
}
}
ACR policy identifiers that can be satisfied by FIDO Authenticators are defined OpenID Connect (EAP) ACR Values specification
All Rights Reserved | FIDO Alliance | Copyright 201821
Other
Deployment
Options
IdP
Primary Authentication
using non-FIDO method
Session
Identity Information
Secondary/Step-up
Authentication Using FIDO
RP
FIDO Server
RP Server
Browser w/
FIDO Client
Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201822
Other
Deployment
Options
Primary
Authentication
using 1st key
Session
Identity Information
Proof of Possession of
2nd key
IdP
FIDO Server
IdP Server
RP
FIDO Server
RP Server
Based on NIST 800-63-3 requirements for FAL3,
this deployment model can qualify for FAL 3
(provided that other conditions are met)
Browser w/
FIDO Client
Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201823
Benefits of FIDO & Federation Integration
Users continue to enjoy the benefits of Federated SSO,
while FIDO provides a more convenient, more secure and
privacy preserving method of authentication
Organizations offer a streamlined authentication method
without putting user identity attributes at risk
All Rights Reserved | FIDO Alliance | Copyright 201824
While using Federation Authentication, add FIDO support
today and get its benefits
- 200+ Certified FIDO authenticators
- 85+ FIDO certified server implementations
- Some are deployed as part of a Federated authentication solution
For more details on FIDO and Federation integration, read
FIDO Alliance Enterprise Adoption Best Practices white
paper
All Rights Reserved | FIDO Alliance | Copyright 201825

More Related Content

What's hot

Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
FIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
FIDO Alliance
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
FIDO Alliance
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
LiamWadman
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
Nat Sakimura
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
FIDO Alliance
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
Vladimir Dzhuvinov
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
FIDO Alliance
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & Tutorial
FIDO Alliance
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
Haniyama Wataru
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO Alliance
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
FIDO Alliance
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
FIDO Alliance
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
Torsten Lodderstedt
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
Shiu-Fun Poon
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
Torsten Lodderstedt
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
Jacob Combs
 

What's hot (20)

Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical Overview
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
 
Intro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID ConnectIntro to OAuth2 and OpenID Connect
Intro to OAuth2 and OpenID Connect
 
Introduction to OpenID Connect
Introduction to OpenID Connect Introduction to OpenID Connect
Introduction to OpenID Connect
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 
OpenID Connect Explained
OpenID Connect ExplainedOpenID Connect Explained
OpenID Connect Explained
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptx
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & Tutorial
 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKey
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
 
Securing a Web App with Security Keys
Securing a Web App with Security KeysSecuring a Web App with Security Keys
Securing a Web App with Security Keys
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
OpenID for Verifiable Credentials
OpenID for Verifiable CredentialsOpenID for Verifiable Credentials
OpenID for Verifiable Credentials
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
OpenID Connect 4 SSI
OpenID Connect 4 SSIOpenID Connect 4 SSI
OpenID Connect 4 SSI
 
OAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID ConnectOAuth 2.0 and OpenID Connect
OAuth 2.0 and OpenID Connect
 

Similar to Integrating FIDO Authentication & Federation Protocols

FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
FIDO Alliance
 
Integrating FIDO & Federation Protocols
Integrating FIDO & Federation ProtocolsIntegrating FIDO & Federation Protocols
Integrating FIDO & Federation Protocols
FIDO Alliance
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
FIDO Alliance
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
FIDO Alliance
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
FIDO Alliance
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
FIDO Alliance
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
FIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CloudIDSummit
 
The Value of FIDO Alliance Membership
The Value of FIDO Alliance MembershipThe Value of FIDO Alliance Membership
The Value of FIDO Alliance Membership
FIDO Alliance
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
FIDO Alliance
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
FIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
FIDO Alliance
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
FIDO Alliance
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and Status
FIDO Alliance
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
FIDO Alliance
 

Similar to Integrating FIDO Authentication & Federation Protocols (20)

FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
Integrating FIDO & Federation Protocols
Integrating FIDO & Federation ProtocolsIntegrating FIDO & Federation Protocols
Integrating FIDO & Federation Protocols
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
Technical Principles of FIDO Authentication
Technical Principles of FIDO AuthenticationTechnical Principles of FIDO Authentication
Technical Principles of FIDO Authentication
 
FIDO And the Future of User Authentication
FIDO And the Future of User AuthenticationFIDO And the Future of User Authentication
FIDO And the Future of User Authentication
 
FIDO Alliance Vision and Updates
FIDO Alliance Vision and UpdatesFIDO Alliance Vision and Updates
FIDO Alliance Vision and Updates
 
2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell2018 12-07 tokyo-seminar Brett McDowell
2018 12-07 tokyo-seminar Brett McDowell
 
Beyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer AuthenticationBeyond Passwords: FIDO & the Future of Consumer Authentication
Beyond Passwords: FIDO & the Future of Consumer Authentication
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
The Value of FIDO Alliance Membership
The Value of FIDO Alliance MembershipThe Value of FIDO Alliance Membership
The Value of FIDO Alliance Membership
 
FIDO Technical Specifications Overview
FIDO Technical Specifications OverviewFIDO Technical Specifications Overview
FIDO Technical Specifications Overview
 
Introduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for AuthenticationIntroduction to FIDO: A New Model for Authentication
Introduction to FIDO: A New Model for Authentication
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -NadalinNew FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin
 
FIDO Alliance Vision and Status
FIDO Alliance Vision and StatusFIDO Alliance Vision and Status
FIDO Alliance Vision and Status
 
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native AppsUAF Tutorial: Passwordless, Biometric Authentication for Native Apps
UAF Tutorial: Passwordless, Biometric Authentication for Native Apps
 

More from FIDO Alliance

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FIDO Alliance
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
FIDO Alliance
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
FIDO Alliance
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
FIDO Alliance
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
FIDO Alliance
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
FIDO Alliance
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
FIDO Alliance
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
FIDO Alliance
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
FIDO Alliance
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
FIDO Alliance
 

More from FIDO Alliance (20)

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdfFIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
FIDO Alliance Osaka Seminar: LY-DOCOMO-KDDI-Mercari Panel.pdf
 
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdfFIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
FIDO Alliance Osaka Seminar: NEC & Yubico Panel.pdf
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdfFIDO Alliance Osaka Seminar: CloudGate.pdf
FIDO Alliance Osaka Seminar: CloudGate.pdf
 
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdfFIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
FIDO Alliance Osaka Seminar: PlayStation Passkey Deployment Case Study.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdfFIDO Alliance Osaka Seminar: Welcome Slides.pdf
FIDO Alliance Osaka Seminar: Welcome Slides.pdf
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
ASRock Industrial FDO Solutions in Action for Industrial Edge AI _ Kenny at A...
 
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdfHow Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
How Red Hat Uses FDO in Device Lifecycle _ Costin and Vitaliy at Red Hat.pdf
 
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
Secure Zero Touch enabled Edge compute with Dell NativeEdge via FDO _ Brad at...
 
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdfWhere to Learn More About FDO _ Richard at FIDO Alliance.pdf
Where to Learn More About FDO _ Richard at FIDO Alliance.pdf
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdfSimplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
Simplified FDO Manufacturing Flow with TPMs _ Liam at Infineon.pdf
 
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdfLinux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
Linux Foundation Edge _ Overview of FDO Software Components _ Randy at Intel.pdf
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 

Recently uploaded

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
DianaGray10
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
Mydbops
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
Jakub Marek
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
DanBrown980551
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
AstuteBusiness
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
Neo4j
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
DanBrown980551
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
c5vrf27qcz
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 

Recently uploaded (20)

Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsConnector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
 
Must Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during MigrationMust Know Postgres Extension for DBA and Developer during Migration
Must Know Postgres Extension for DBA and Developer during Migration
 
Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)Main news related to the CCS TSI 2023 (2023/1695)
Main news related to the CCS TSI 2023 (2023/1695)
 
5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides5th LF Energy Power Grid Model Meet-up Slides
5th LF Energy Power Grid Model Meet-up Slides
 
Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |Astute Business Solutions | Oracle Cloud Partner |
Astute Business Solutions | Oracle Cloud Partner |
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
Leveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and StandardsLeveraging the Graph for Clinical Trials and Standards
Leveraging the Graph for Clinical Trials and Standards
 
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
Northern Engraving | Modern Metal Trim, Nameplates and Appliance Panels
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Y-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PPY-Combinator seed pitch deck template PP
Y-Combinator seed pitch deck template PP
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 

Integrating FIDO Authentication & Federation Protocols

  • 1. All Rights Reserved | FIDO Alliance | Copyright 20181 INTEGRATING FIDO AUTHENTICATION & FEDERATION PROTOCOLS BEST PRACTICES FOR ENTERPRISE DEPLOYMENT
  • 2. AGENDA • Does FIDO complement Federation? • What are the benefits in pairing FIDO and Federation? • How to integrate FIDO with modern Federation protocols? All Rights Reserved | FIDO Alliance | Copyright 20182
  • 3. What is FIDO? Physical-to-digital identity User Management AUTHENTICATION Federation Single Sign-On Passwords SimpleStrong FIDO Authentication FIDO is an authentication protocol FIDO is not a federation protocol FIDO is not an authorization protocol FIDO is not an identity standard All Rights Reserved | FIDO Alliance | Copyright 20183
  • 4. How does FIDO Work? RP Application FIDO Client USER’S DEVICE RP Server FIDO Server RELYING PARTY Generic View Authenticator Architecture All Rights Reserved | FIDO Alliance | Copyright 20184
  • 5. How does FIDO Work? RP Application FIDO Client USER’S DEVICE RP Server FIDO Server RELYING PARTYGeneric View Authenticator Registration Private attestation key Private authentication key Public Authentication key All Rights Reserved | FIDO Alliance | Copyright 20185
  • 6. How does FIDO Work? RP Application FIDO Client USER’S DEVICE RP Server FIDO Server RELYING PARTYGeneric View Authenticator (Signed) Response Challenge Require user gesture before private key can be used Authentication Private attestation key Private authentication key Public Authentication key All Rights Reserved | FIDO Alliance | Copyright 20186
  • 7. FIDO and User Identity AuthenticatorUser verification FIDO Authentication Same Authenticator as registered before? Same User as enrolled before? Identity proofing and binding done outside FIDO … No user attributes in FIDO server No user attributes in the Authenticator All Rights Reserved | FIDO Alliance | Copyright 20187
  • 8. RP 1 Authenticator One Authenticator, Many Applications Origin 1 Origin 2 Origin 1 Unique authn keys per RP Isolation of authentication transactions Account 2Account 1 Account 3 Account m RP 2 RP n ……… Non-linkability All Rights Reserved | FIDO Alliance | Copyright 20188
  • 9. FIDO Benefits to the User Reduce the burden of remembering multiple passwords Use a simple gesture for authentication Use one authenticator with multiple applications Biometric data is local No secrets on the server No linkability between RPs All Rights Reserved | FIDO Alliance | Copyright 20189 Reduce the burden of using a variety of two-factor authentication form factors Preserve user privacy
  • 10. What Problems Does Federation Solve? Without Federation, Users have to: Remember multiple passwords Sign-in multiple times a day Administrators have to manage: Authentication policies, Group permissions and User accounts Across multiple domains Reduced productivity Increased number help desk calls Increased administration overhead Increased security risks All Rights Reserved | FIDO Alliance | Copyright 201810
  • 11. How Federation Solves These Problems All Rights Reserved | FIDO Alliance | Copyright 201811 RP User User Authentication Authenticated Session Identity Information Three-Party Trust Relationship IdPRP RP RP Authentication Statement Identity Source
  • 12. Federation Benefits to End Users RP User AuthenticationSession Identity Information Three-Party Trust Relationship Users remember one password, sign in once and access multiple applications IdPRP RP RP All Rights Reserved | FIDO Alliance | Copyright 201812
  • 13. Federation Benefits to Relying Parties IdPRP User AuthenticationSession Identity Information Three-Party Trust Relationship IdP IdP RPs move user identity to trusted third-party authentication authorities All Rights Reserved | FIDO Alliance | Copyright 201813
  • 14. Federation Benefits to Identity Providers IdPRP User AuthenticationSingle-Sign On Identity Information Three-Party Trust Relationship RP RP IdPs link user identity to multiple RPs - Reduce security risk and administration overhead - Enforce strong authentication and enable SSO - Protect user identity attributes All Rights Reserved | FIDO Alliance | Copyright 201814
  • 15. The Downside of Federation Users hate to use complex passwords for primary authentication Organizations have major concerns about password security Stronger and more convenient authentication methods are needed All Rights Reserved | FIDO Alliance | Copyright 201815
  • 16. FIDO is the Solution All Rights Reserved | FIDO Alliance | Copyright 201816
  • 17. How FIDO Deployment Complements Federation RP Authentication (FIDO-based) Session Identity Information Redirect IdP FIDO Server RP RP IdP Server Browser w/ FIDO Client Authenticator All Rights Reserved | FIDO Alliance | Copyright 201817 • Lower cost of ownership • Lower security risks • Lower help desk calls • Increased productivityOne authenticator, one credential for multiple RPs No changes to RP applications
  • 18. User Environment Relying Party (Application or Service Provider) Identity Provider (e.g SAML IDP, OpenID Provider) FIDO Server User Agent FIDO Authenticator FIDO Client 1 Initial Sign-in or Step-up access 3. FIDO challenge/response Federation Protocol Federated Authentication Flow with FIDO 3. FIDO challenge/response 2. Authentication Request 4. Authentication Response indicating FIDO All Rights Reserved | FIDO Alliance | Copyright 201818
  • 19. How to Apply FIDO-based Authentication Preconfigured IdP Authentication Policy • Global or per-RP policy set in the IdP Just-in-Time RP Authentication Policy • Specified by RP in the authentication request using authn context class reference • AuthnContextClassRef parameter in SAML • Acr_values request parameter in OIDC • IdP returns information indicating that FIDO-based auth was used • Using AuthnContextClassRef in SAML • Using acr and amr claims In ID Token in OIDC All Rights Reserved | FIDO Alliance | Copyright 201819
  • 20. Use AuthnContextClassRef in SAML for JIT enforcement Sa m ple SA ML Reques t Sa m ple SA ML Res po ns e <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" … <samlp:RequestedAuthnContext Comparison="exact"> ... <saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:MediumAssurance</saml:AuthnContextClassRef> … </samlp:RequestedAuthnContext> … </samlp:AuthnRequest> <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" …. <saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z" ….. …. <saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO</saml:AuthnContextClassRef> …… </saml:AuthnStatement> … </samlp:Response> All Rights Reserved | FIDO Alliance | Copyright 201820
  • 21. Use acr_values in OIDC for JIT enforcement Sample OIDC Request /Response EndpointURI: https://tenant.server.example.com/oidc/auth Http Parameters: { response_type: id_token, client_id: rp_client, response_mode: query, redirect_uri: https://rp.example.com/oidc-rp/, scope: openid, …… acr_values: phr phrh mfa RedirectURI: https://rp.example.com/oidc-rp/ Http Parameters: { ……. 'id_token' content: { "auth_time":1490898779, "exp":1490899139, "sub":"someone@example.com", ……. "iss":" https://tenant.server.example.com/oidc-fe", "iat":1490898779, "acr":“phrh", "amr":[“hwk"] } } ACR policy identifiers that can be satisfied by FIDO Authenticators are defined OpenID Connect (EAP) ACR Values specification All Rights Reserved | FIDO Alliance | Copyright 201821
  • 22. Other Deployment Options IdP Primary Authentication using non-FIDO method Session Identity Information Secondary/Step-up Authentication Using FIDO RP FIDO Server RP Server Browser w/ FIDO Client Authenticator All Rights Reserved | FIDO Alliance | Copyright 201822
  • 23. Other Deployment Options Primary Authentication using 1st key Session Identity Information Proof of Possession of 2nd key IdP FIDO Server IdP Server RP FIDO Server RP Server Based on NIST 800-63-3 requirements for FAL3, this deployment model can qualify for FAL 3 (provided that other conditions are met) Browser w/ FIDO Client Authenticator All Rights Reserved | FIDO Alliance | Copyright 201823
  • 24. Benefits of FIDO & Federation Integration Users continue to enjoy the benefits of Federated SSO, while FIDO provides a more convenient, more secure and privacy preserving method of authentication Organizations offer a streamlined authentication method without putting user identity attributes at risk All Rights Reserved | FIDO Alliance | Copyright 201824
  • 25. While using Federation Authentication, add FIDO support today and get its benefits - 200+ Certified FIDO authenticators - 85+ FIDO certified server implementations - Some are deployed as part of a Federated authentication solution For more details on FIDO and Federation integration, read FIDO Alliance Enterprise Adoption Best Practices white paper All Rights Reserved | FIDO Alliance | Copyright 201825