Learn how FIDO standards compliment federation protocols. These guidelines detail how to integrate the two in order to add support for FIDO-based multi-factor authentication and replace or supplement traditional authentication methods in federation environments.
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
W3C - Web Authentication API by Korea ETRI (Electronics and Telecommunication Research Institute)
- Presented at FIDO Technical Seminar on July 16th, 2018
The update to NIST Special Publication 800-63 Revision 3 covers guidelines on digital identity management, identity proofing and authentication of users working with government IT systems over open networks – and serves as de facto guidance far beyond government and into many industries that are depending on secure user authentication.
Part of the guidelines recommend higher-assurance authentication, including the use of multi-factor authentication with public key cryptography, where private keys are tightly bound to the device. This, of course, is the core of the FIDO approach which has been implemented in over 300 FIDO certified products worldwide that are powering authentication solutions from top service providers such as Google, Facebook, Aetna and more.
In this presentation, experts review the NIST guidelines and their relationship to FIDO Authentication.
Presented at GSMA Mobile Connect + FIDO Alliance: The Future of Strong Authentication
By: Rolf Lindemann, Senior Director of Technology and Products, Nok Nok Labs
Introduction to FIDO: A New Model for AuthenticationFIDO Alliance
An overview of FIDO authentication with a special section on government and policy. This was presented at the European Policy Forum by Jeremy Grant, managing director of The Chertoff Group.
FIDO U2F (Universal Authentication Framework) Specifications: Overview & Tutorial
by Jerrod Chong, Yubico
Explore how FIDO U2F works and how it is used in the world today.
The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
A tutorial on how the process of writing an application using a browser’s WebAuthn API, plus how to install a server, how to generate authentication challenges & responses, and how to integrate with related IAM infrastructure.
Code: https://github.com/fido-alliance/webauthn-demo
Live slides: http://slides.com/herrjemand/jan-2018-fido-seminar-webauthn-tutorial#/
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
Introduction to FIDO: A New Model for AuthenticationFIDO Alliance
An overview of FIDO authentication with a special section on government and policy. This was presented at the European Policy Forum by Jeremy Grant, managing director of The Chertoff Group.
FIDO U2F (Universal Authentication Framework) Specifications: Overview & Tutorial
by Jerrod Chong, Yubico
Explore how FIDO U2F works and how it is used in the world today.
The FIDO Alliance invites you to learn how simplify strong authentication for web services. FIDO specifications can help all organizations, especially service providers who want to scale these features for consumer services over the web. Essentially, FIDO offers a simple, low-cost way to improve security and the online experience.
A tutorial on how the process of writing an application using a browser’s WebAuthn API, plus how to install a server, how to generate authentication challenges & responses, and how to integrate with related IAM infrastructure.
Code: https://github.com/fido-alliance/webauthn-demo
Live slides: http://slides.com/herrjemand/jan-2018-fido-seminar-webauthn-tutorial#/
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
The PSD2 (the Revised Payment Service Directive) from the European Commission requires financial institutions to deploy Strong Customer Authentication. FIDO offers a solution to the challenges created by this new regulation.
This presentation details the FIDO Alliance Certification Program - including an overview of the programs, process and the value of certification for both vendors and relying parties.
The Second Payment Services Directive (PSD2) and the associated Regulatory Technical Standards (RTS) on strong customer authentication and secure communication impose stringent requirements on multi-factor authentication and on the security of implementations. Payment Service Providers will want to know whether the authentication solutions they put in place conform to the RTS both in terms of functionality and security.
The FIDO Alliance standards are based on multi-factor authentication and are a strong fit for PSD2 compliance. The FIDO Alliance’s certification program provides an independent evaluation of functional compliance to the standards as well as of the achieved level of security of FIDO authenticators.
Featuring industry experts, this presentation explores how FIDO can resolve key issues, including:
• How the FIDO standards conform to the RTS
• How FIDO’s certification program guarantees this conformity
• How FIDO’s certification program provides for the mandatory security evaluation imposed by the RTS
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
Rolf Lindemann,
Nok Nok Labs
Introduction to the UAF protocol, which is designed to provide a “passwordless” experience, discussing potential use cases and implementation models, with a real-world example shown via the FIDO client on the Samsung Galaxy S5.
Detailed information about membership levels, participation opportunities and the positive ROI that your company can find by helping drive FIDO’s efforts to create a thriving ecosystem for modern authentication.
What if we could replace passwords with authentication that is stronger and simpler? Web service providers and enterprises worldwide are looking for a solution to move beyond the frustrating user experience and less-than-stellar security of single-factor password authentication systems. Today FIDO is that solution, providing a rich set of specifications and certifications for an emerging and interoperable ecosystem of hardware, mobile and biometrics-based devices. This ecosystem enables enterprises and web service providers to easily deploy strong authentication solutions that reduce password dependencies and provide a superior, simpler and trusted user experience.
- Learn the ins and outs of FIDO’s specifications, including their applicability to both passwordless (UAF) and second factor (U2F) authentication use cases.
- Learn how FIDO separates user verification from authentication along with other details on the FIDO registration and login process.
- Learn how FIDO authentication protects user privacy and prevents phishing and man-in-the-middle attacks.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentations
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
1. All Rights Reserved | FIDO Alliance | Copyright 20181
INTEGRATING
FIDO AUTHENTICATION
& FEDERATION PROTOCOLS
BEST PRACTICES FOR
ENTERPRISE DEPLOYMENT
2. AGENDA
• Does FIDO complement Federation?
• What are the benefits in pairing FIDO and Federation?
• How to integrate FIDO with modern Federation protocols?
All Rights Reserved | FIDO Alliance | Copyright 20182
3. What is FIDO?
Physical-to-digital identity
User Management
AUTHENTICATION
Federation
Single
Sign-On
Passwords SimpleStrong
FIDO Authentication
FIDO is an authentication protocol
FIDO is not a federation protocol
FIDO is not an authorization protocol
FIDO is not an identity standard
All Rights Reserved | FIDO Alliance | Copyright 20183
4. How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTY
Generic View
Authenticator
Architecture
All Rights Reserved | FIDO Alliance | Copyright 20184
5. How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTYGeneric View
Authenticator
Registration
Private attestation key
Private
authentication
key
Public
Authentication
key
All Rights Reserved | FIDO Alliance | Copyright 20185
6. How does FIDO Work?
RP Application
FIDO Client
USER’S DEVICE
RP Server
FIDO Server
RELYING PARTYGeneric View
Authenticator
(Signed) Response
Challenge
Require user gesture
before private key
can be used
Authentication
Private attestation key
Private
authentication
key
Public
Authentication
key
All Rights Reserved | FIDO Alliance | Copyright 20186
7. FIDO and User Identity
AuthenticatorUser verification FIDO Authentication
Same Authenticator
as registered before?
Same User as enrolled
before?
Identity proofing and binding done
outside FIDO
…
No user attributes
in FIDO server
No user attributes in
the Authenticator
All Rights Reserved | FIDO Alliance | Copyright 20187
8. RP 1
Authenticator
One Authenticator, Many Applications
Origin 1 Origin 2 Origin 1
Unique authn keys per RP
Isolation of authentication transactions
Account 2Account 1 Account 3 Account m
RP 2 RP n
………
Non-linkability
All Rights Reserved | FIDO Alliance | Copyright 20188
9. FIDO Benefits to the User
Reduce the burden of
remembering multiple passwords
Use a simple gesture for
authentication
Use one authenticator with
multiple applications
Biometric data is local
No secrets on the server
No linkability between RPs
All Rights Reserved | FIDO Alliance | Copyright 20189
Reduce the burden of using a
variety of two-factor
authentication form factors
Preserve user privacy
10. What Problems Does Federation Solve?
Without Federation,
Users have to:
Remember multiple passwords
Sign-in multiple times a day
Administrators have to manage:
Authentication policies,
Group permissions and
User accounts
Across multiple domains
Reduced productivity
Increased number help desk calls
Increased administration overhead
Increased security risks
All Rights Reserved | FIDO Alliance | Copyright 201810
11. How Federation Solves These Problems
All Rights Reserved | FIDO Alliance | Copyright 201811
RP
User
User
Authentication
Authenticated
Session
Identity Information
Three-Party Trust Relationship
IdPRP
RP
RP
Authentication
Statement
Identity
Source
12. Federation Benefits to End Users
RP
User
AuthenticationSession
Identity Information
Three-Party Trust Relationship
Users remember one password,
sign in once and access multiple
applications
IdPRP
RP
RP
All Rights Reserved | FIDO Alliance | Copyright 201812
13. Federation Benefits to Relying Parties
IdPRP
User
AuthenticationSession
Identity Information
Three-Party Trust Relationship
IdP
IdP
RPs move user identity to trusted
third-party authentication
authorities
All Rights Reserved | FIDO Alliance | Copyright 201813
14. Federation Benefits to Identity Providers
IdPRP
User
AuthenticationSingle-Sign On
Identity Information
Three-Party Trust Relationship
RP
RP
IdPs link user identity to multiple RPs
- Reduce security risk and administration overhead
- Enforce strong authentication and enable SSO
- Protect user identity attributes
All Rights Reserved | FIDO Alliance | Copyright 201814
15. The Downside of Federation
Users hate to use complex passwords for primary
authentication
Organizations have major concerns about password security
Stronger and more convenient authentication methods
are needed
All Rights Reserved | FIDO Alliance | Copyright 201815
16. FIDO is the Solution
All Rights Reserved | FIDO Alliance | Copyright 201816
17. How FIDO Deployment Complements
Federation
RP
Authentication
(FIDO-based)
Session
Identity Information
Redirect
IdP
FIDO Server
RP
RP
IdP Server
Browser w/
FIDO Client
Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201817
• Lower cost of ownership
• Lower security risks
• Lower help desk calls
• Increased productivityOne authenticator, one
credential for multiple RPs
No changes to RP
applications
18. User Environment
Relying Party
(Application or Service Provider)
Identity Provider
(e.g SAML IDP, OpenID Provider)
FIDO Server
User Agent
FIDO
Authenticator
FIDO
Client
1 Initial Sign-in or Step-up access
3. FIDO challenge/response
Federation Protocol
Federated Authentication Flow with FIDO
3. FIDO challenge/response
2. Authentication Request
4. Authentication Response indicating FIDO
All Rights Reserved | FIDO Alliance | Copyright 201818
19. How to Apply FIDO-based Authentication
Preconfigured IdP Authentication Policy
• Global or per-RP policy set in the IdP
Just-in-Time RP Authentication Policy
• Specified by RP in the authentication request using authn context class reference
• AuthnContextClassRef parameter in SAML
• Acr_values request parameter in OIDC
• IdP returns information indicating that FIDO-based auth was used
• Using AuthnContextClassRef in SAML
• Using acr and amr claims In ID Token in OIDC
All Rights Reserved | FIDO Alliance | Copyright 201819
20. Use AuthnContextClassRef in SAML for JIT
enforcement
Sa m ple SA ML Reques t
Sa m ple SA ML Res po ns e
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
…
<samlp:RequestedAuthnContext Comparison="exact">
...
<saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:MediumAssurance</saml:AuthnContextClassRef>
…
</samlp:RequestedAuthnContext>
…
</samlp:AuthnRequest>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ….
<saml:AuthnStatement AuthnInstant="2014-07-17T01:01:48Z" …..
….
<saml:AuthnContextClassRef>urn:rsa:names:tc:SAML:2.0:ac:classes:FIDO</saml:AuthnContextClassRef>
……
</saml:AuthnStatement>
…
</samlp:Response>
All Rights Reserved | FIDO Alliance | Copyright 201820
21. Use acr_values in OIDC for JIT
enforcement
Sample OIDC Request /Response
EndpointURI: https://tenant.server.example.com/oidc/auth
Http Parameters: {
response_type: id_token,
client_id: rp_client,
response_mode: query,
redirect_uri: https://rp.example.com/oidc-rp/,
scope: openid,
……
acr_values: phr phrh mfa
RedirectURI: https://rp.example.com/oidc-rp/
Http Parameters: {
…….
'id_token' content:
{
"auth_time":1490898779,
"exp":1490899139,
"sub":"someone@example.com",
…….
"iss":" https://tenant.server.example.com/oidc-fe",
"iat":1490898779,
"acr":“phrh",
"amr":[“hwk"]
}
}
ACR policy identifiers that can be satisfied by FIDO Authenticators are defined OpenID Connect (EAP) ACR Values specification
All Rights Reserved | FIDO Alliance | Copyright 201821
23. Other
Deployment
Options
Primary
Authentication
using 1st key
Session
Identity Information
Proof of Possession of
2nd key
IdP
FIDO Server
IdP Server
RP
FIDO Server
RP Server
Based on NIST 800-63-3 requirements for FAL3,
this deployment model can qualify for FAL 3
(provided that other conditions are met)
Browser w/
FIDO Client
Authenticator
All Rights Reserved | FIDO Alliance | Copyright 201823
24. Benefits of FIDO & Federation Integration
Users continue to enjoy the benefits of Federated SSO,
while FIDO provides a more convenient, more secure and
privacy preserving method of authentication
Organizations offer a streamlined authentication method
without putting user identity attributes at risk
All Rights Reserved | FIDO Alliance | Copyright 201824
25. While using Federation Authentication, add FIDO support
today and get its benefits
- 200+ Certified FIDO authenticators
- 85+ FIDO certified server implementations
- Some are deployed as part of a Federated authentication solution
For more details on FIDO and Federation integration, read
FIDO Alliance Enterprise Adoption Best Practices white
paper
All Rights Reserved | FIDO Alliance | Copyright 201825