
FIDO's place in the identity ecosystem

A presentation on the FIDO authentication specification, as presented at a PIMN event on 23 January 2015 in The Hague (NL). Please note there is no introduction on FIDO; this was done by speakers earlier in the program.


  1. FIDO's place in the eID ecosystem. Maarten Wegdam, managing partner. PIMN Seminar on FIDO Alliance, 23 January 2015.
  2. Identity, privacy & trust. Strategy realization. Business models. Digitalization in networks of organizations. Research-based advice & software.
  3. End-user perspective
     Without FIDO
       • Separate authenticators for every website/identity
       • No choice between authenticators
       • Rarely use the embedded authenticators of your mobile (e.g., fingerprint sensor)
     With FIDO
       • Select own authenticator at registration time
       • Fewer passwords and/or more 2nd factors
  4. Relying party perspective
     Without FIDO
       • Costs and user friction for non-password/2nd factor authentication
       • Vendor lock-in to authenticator
       • Often use one-time-password-like 2nd factors (SMS, TOTP app, etc.)
     With FIDO
       • No biometric data on premise
       • Flexibility & easy integration
       • Allow wide range of authenticators
       • No (?) branding on authenticators
  5. BYOId vs BYOAuthn
       • FIDO is about BYOAuthn, not BYOId
       • Diagram labels: (trusted?) attributes; authentication; BYOId; verification/issuing process; authentication means; level of assurance [STORK, ISO29115]
       • BYOId – e.g. OpenID, eID Framework NL, SAML federations, trust frameworks, etc.
  6. FIDO vs social login
       • Social login is often associated with BYOId, but is more BYOAuthn in reality
       • FIDO may reduce usage of social logins
       • But not very popular in NL anyway …
  7. FIDO vs eID Framework NL
       • FIDO can be used by authentication providers
       • Potentially easier to adopt new authentication means
       • NO impact on service providers (websites): they simply use SAML
  8. FIDO vs OATH
       • OATH - Initiative for Open Authentication
       • TOTP is often used, e.g., Google Authenticator
       • Aimed at one-time passwords
  9. FIDO a hype?
       • Gartner (17 Nov 2014): “beyond Samsung Galaxy S5-Paypal no significant implementations yet”
       • Kuppinger Cole (10 Dec 2014): from more skeptical to “the initiative is gaining more traction”
  10. A perspective on FIDO
     What it does offer
       • For relying parties: flexibility, ease of integration, less vendor lock-in
       • For users: re-use of authentication means, aka BYOAuthn
       • Easier to move to non-password
       • No ‘spillover’ of hacks (anti-phishing, MITM, mutual authn)
     What it doesn’t offer
       • No attributes, no identity: no BYOId
       • No cross-device authentication (yet? USB + NFC), re-registration needed
       • No passwords, no one-time passwords
       • No context-based or continuous authentication
     What remains to be seen
       • Will it confuse people? One authenticator for many identities?
       • Adoption is key: chicken-egg, especially browser and smartphone vendors
  11. Takeaways
       • FIDO is about BYOAuthn, not BYOId
       • FIDO enables non-password, non-OTP authentication factors
       • As always, adoption is key, especially by browser and smartphone vendors
     maarten.wegdam@innovalor.nl | +31 6 51993485 | @maartenwegdam | http://innovalor.nl | http://www.linkedin.com/in/wegdam
