SlideShare a Scribd company logo

New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin

Download as PPTX, PDF
FIDO Alliance
FIDO Alliance

FIDO 2.0 specifications are being developed to standardize strong web authentication across platforms. This includes a Web Authentication API submitted to W3C, key attestation and signature formats. A Client to Authenticator Protocol enables authentication using external devices over transports like USB, Bluetooth, and NFC. FIDO aims to accelerate adoption by providing authentication built into browsers, operating systems, and platforms.

Technology
1 of 31
NEW FIDO SPECIFICATIONS OVERVIEW - STRONG WEB AUTHENTICATION - 12/8/2016 Chief Security Architect, Microsoft FIDO2.0 TWG Co-Chair Anthony J Nadalin All Rights Reserved. FIDO Alliance. Copyright 2016
for platforms in ubiquitous environments FIDO All Rights Reserved. FIDO Alliance. Copyright 2016 2
What is missing in FIDO today... •Universal distribution of the FIDO technology •Ideally •Every major platform delivers the FIDO API and technology •Web platforms, OS Platforms All Rights Reserved. FIDO Alliance. Copyright 2016 3
How will platform support help? • Accelerate mass FIDO adoption • For RP • It’s available on all devices, so incentive to adopt • PC may have an imbedded authenticator (TPM) • For the authenticator vendors • RPs are adopting, all devices want authenticators • Think way back to TCP/IP • Took off when Win95/MacOS integrated it • Compatible browsers appeared on all platforms All Rights Reserved. FIDO Alliance. Copyright 2016 4
So what FIDO is doing NOW? • Crafting standards which in future will come built-in in all platforms. • The web platform is special, and the future API needs to be standardized in W3C, hence FIDO liaison with W3C. • The Web API is the first one we standardize and use it to drive other platform (native) specific APIs All Rights Reserved. FIDO Alliance. Copyright 2016 5
Goals All Rights Reserved. FIDO Alliance. Copyright 2016 Support for Major Platforms (Browsers, OSs) Chrome IE/Edge Firefox Safari etc. Browsers Windows Android MacOS iOS etc. Web Authentication ServerWeb Authentication Clients/Authenticators 6 OSs
Specifications All Rights Reserved. FIDO Alliance. Copyright 2016 • Web API • Key Attestation Format • Signature Format These are submitted to W3C, the international standards organization for the World Wide Web. • CTAP (Client to Authenticator Protocol) Web Platform API specs: Client to Authenticator Protocol: Abstract API calls (in/out) and messages Communication between client and external authenticator *API: Application Programming Interface 7
Overview All Rights Reserved. FIDO Alliance. Copyright 2016 User Device OS/Browser (FIDO Client) RP ServerRP App Formats - Signature - Key Attestation W3C Web API FIDO Server Client to Authenticator Protocol Server Authenticator Authenticator *RP: Relying Party OS Platform API OS Platform API 8
Web API for Accessing FIDO 2.0 Technology All Rights Reserved. FIDO Alliance. Copyright 2016 Specifies an API that enables web pages to access FIDO 2.0 compliant strong cryptographic technology through Javascript. (1) service request (2) authentication requestJava script calls credential API (3) Request for cryptographic operation Scoped Credential information required for authentication (private key) (instead of password) Authenticator (5) Response with cryptographic proof (4) User gesture allows cryptographic operations Browser Server User 9
Use Case for Web API (1) All Rights Reserved. FIDO Alliance. Copyright 2016 (2) registration request (3) Request for Scoped Credential creation (5) Response with Scoped Credential information (public key, attestation, client data (with signature), etc.) (4) Scoped Credential creation Registration of authenticator Java script calls credential API “Do you want to register this device (authenticator) with server?” - User gesture - Authorize creating a key pair 10 (1) service request Authenticator Private key ServerBrowser User public key
“Do you want to authenticate using this device (authenticator)?” - User gesture - Authorize using an existing credential Use Case for Web API (2) All Rights Reserved. FIDO Alliance. Copyright 2016 (1) service request (2) authentication request (5) Response with assertion (signed challenge + other data) (4) Credential discoveryPrivate key Authentication using registered authenticator Java script calls credential API (3) Request for authentication 11 (1) service request Authenticator Private key Public key ServerBrowser User
Browser Responsibilities • Compose messages for operations • Provide origin and RP IDs • Compute client data hashes • Process extensions • Provide UI for authenticators that lack the ability • Error handling / housekeeping All Rights Reserved. FIDO Alliance. Copyright 2016 12
Authenticator Responsibilities • Perform operations • Obtain user gesture if needed: consent button, password, PIN, a biometric... • Process extensions • e.g. show and sign message for transaction auth • Provide Attestation(s) All Rights Reserved. FIDO Alliance. Copyright 2016 13
API Details • makeCredential: key generation with attestation • used to register new keypair with RP • getAssertion: authentication • mixes in state like facet id, token-binding id • also: key discovery (for “typeless” authentication) All Rights Reserved. FIDO Alliance. Copyright 2016 14
Key Attestation Format • Defines generic data structures that cover the semantics of FIDO various authenticator attestation formats. • Authenticator asserts the trust of a private key that it maintains. • Provides profiles such as TPM, Android, etc. All Rights Reserved. FIDO Alliance. Copyright 2016 15
Signature Format • Proves possession of a private key of a FIDO 2.0 credential and asserts contextual information about the client and authenticator that generated it. • Client data allows other information to be bound to signature All Rights Reserved. FIDO Alliance. Copyright 2016 16
High Level Operations All Rights Reserved. FIDO Alliance. Copyright 2016 17
High Level Operations All Rights Reserved. FIDO Alliance. Copyright 2016 18
Web Authentication API Example All Rights Reserved. FIDO Alliance. Copyright 2016 /* Verify platform is capable. Handle error if not. */ } var userAccountInformation = { rpDisplayName: "Acme", displayName: "John P. Smith", name: "johnpsmith@example.com", id: "1098237235409872", imageURL: "https://pics.acme.com/00/p/aBjjjpqPb.png" }; var cryptoParams = [{type: "ScopedCred", algorithm: "ES256"}, {type: "ScopedCred", algorithm: "RS256"}]; var challenge = "Y2xpbWIgYSBtb3VudGFpbg"; var timeoutSeconds = 300; // 5 minutes var blacklist = []; // No blacklist var extensions = {}; // No extensions // Note: The following call will cause the authenticator to display UI. window.webauthnAPI.makeCredential(userAccountInformation, cryptoParams, challenge, timeoutSeconds, blacklist, extensions) .then(function (newCredentialInfo) { // Send new credential info to server for verification and registration. }).catch(function (err) { // No acceptable authenticator or user refused consent. Handle appropriately. }); 19
Browser Operations All Rights Reserved. FIDO Alliance. Copyright 2016 20
Authenticator Operations All Rights Reserved. FIDO Alliance. Copyright 2016 21
Authenticator Operations All Rights Reserved. FIDO Alliance. Copyright 2016 22
CTAP (Client to Authenticator Protocol) All Rights Reserved. FIDO Alliance. Copyright 2016 Java script calls for credential (3) Request for cryptographic operation External Authenticator browser (4) credential creation/discovery Private key User device Transport binding for USB/BLE/NFC located outside of user device • Describes an application layer protocol for communication between an external authenticator and another client/platform. • Can be run over a variety of transport protocols using different physical media. User 23
Use Case for CTAP All Rights Reserved. FIDO Alliance. Copyright 2016 Example) Authentication for an application on PC using a smartphone Private key BLE User can choose an external authenticator that is used to authenticate himself for applications running on his multiple clients across devices. Public key Server PC (Client) Smartphone (external authenticator) User FIDO Authentication 24
Current Timeline • W3C Web Authentication Specification • Candidate Recommendation 1Q2017 • FIDO Client to Authenticator Protocol • Implementation draft 1Q2017 All Rights Reserved. FIDO Alliance. Copyright 2016 25
Summary • FIDO authentication • Authenticators are pluggable, using public key cryptography. • FIDO 1.X deployments have enabled FIDO ecosystem in market. • FIDO 2.0: for platforms (Web Platform and OS Platforms) natively supporting FIDO • Web Platform APIs: submitted to W3C • CTAP enables client authentication using external authenticator. All Rights Reserved. FIDO Alliance. Copyright 2016 FIDO continues to expand its ecosystem to support authentication in ubiquitous computing with FIDO 2.0. 26
Specification References • W3C Web Authentication Specification Latest Draft http://www.w3.org/TR/2016/WD-webauthn-20160902/ • FIDO Client to Authenticator Protocol https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido- client-to-authenticator-protocol-v2.0-rd-20161004.pdf All Rights Reserved. FIDO Alliance. Copyright 2016 27
Thank you for your attention! All Rights Reserved. FIDO Alliance. Copyright 2016 28
Acknowledgement • Thank FIDO Alliance members especially FIDO 2.0 Technology Working Group members. • Thank W3C for the collaboration. • Thank Dr. Gomi’s and his presentation for FIDO Tokyo Seminar 2015. All Rights Reserved. FIDO Alliance. Copyright 2016 29
All Rights Reserved. FIDO Alliance. Copyright 2016 30
All Rights Reserved. FIDO Alliance. Copyright 2016. 31 Please Silence All Electronic Devices

Recommended

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
 

Recommended

FIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Specifications Overview: UAF & U2F
FIDO Specifications Overview: UAF & U2FFIDO Alliance
 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
 
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO & PSD2: Solving the Strong Customer Authentication Challenge in Europe
FIDO & PSD2: Solving the Strong Customer Authentication Challenge in EuropeFIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
 
Fido Technical Overview
Fido Technical OverviewFido Technical Overview
Fido Technical OverviewFIDO Alliance
 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO CertificationFIDO Alliance
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn TutorialFIDO Alliance
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO Alliance
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCIKaliya "Identity Woman" Young
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Haniyama Wataru
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakYuichi Nakamura
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 
NTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleNTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleFIDO Alliance
 
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithW3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithFIDO Alliance
 

More Related Content

What's hot

Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO CertificationFIDO Alliance
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO Alliance
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO Alliance
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO Alliance
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...Torsten Lodderstedt
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO Alliance
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Haniyama Wataru
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO Alliance
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinarmarcuschristie
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakYuichi Nakamura
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
 

What's hot (20)

Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
 
The Value of FIDO Certification
The Value of FIDO CertificationThe Value of FIDO Certification
The Value of FIDO Certification
 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
 
FIDO U2F & UAF Tutorial
FIDO U2F & UAF TutorialFIDO U2F & UAF Tutorial
FIDO U2F & UAF Tutorial
 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
 
FIDO and the Future of User Authentication
FIDO and the Future of User AuthenticationFIDO and the Future of User Authentication
FIDO and the Future of User Authentication
 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
 
FIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and InsightsFIDO UAF 1.0 Specs: Overview and Insights
FIDO UAF 1.0 Specs: Overview and Insights
 
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
 
Verifiable credentials explained by CCI
Verifiable credentials explained by CCIVerifiable credentials explained by CCI
Verifiable credentials explained by CCI
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial FIDO UAF Specifications: Overview & Tutorial
FIDO UAF Specifications: Overview & Tutorial
 
Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web Authentication
 
Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装Idcon25 FIDO2 の概要と YubiKey の実装
Idcon25 FIDO2 の概要と YubiKey の実装
 
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication ComplianceFIDO & PSD2 – Achieving Strong Customer Authentication Compliance
FIDO & PSD2 – Achieving Strong Customer Authentication Compliance
 
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler WebinarKeycloak for Science Gateways - SGCI Technology Sampler Webinar
Keycloak for Science Gateways - SGCI Technology Sampler Webinar
 
Implementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on KeycloakImplementing WebAuthn & FAPI supports on Keycloak
Implementing WebAuthn & FAPI supports on Keycloak
 
FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
 

Viewers also liked

NTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleNTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleFIDO Alliance
 
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithW3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithFIDO Alliance
 
FIDO Alliance Activity in Japan
FIDO Alliance Activity in Japan FIDO Alliance Activity in Japan
FIDO Alliance Activity in Japan FIDO Alliance
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellFIDO Alliance
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Alliance
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...FIDO Alliance
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...FIDO Alliance
 

Viewers also liked (7)

NTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More SimpleNTT Docomo Deployment Case Study: Your Security, More Simple
NTT Docomo Deployment Case Study: Your Security, More Simple
 
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -SmithW3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
W3C Presentation -FIDO Alliance -Tokyo Seminar -Smith
 
FIDO Alliance Activity in Japan
FIDO Alliance Activity in Japan FIDO Alliance Activity in Japan
FIDO Alliance Activity in Japan
 
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowellIntroduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
Introduction to FIDO Alliance: Vision and Status -Tokyo Seminar -Brett McDowell
 
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
FIDO Authentication: Its Evolution and Opportunities in Business -FIDO Allian...
 
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
Google Case Study: Becoming Unphisable: Towards Simpler, Stronger Authenticat...
 
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
KICA Case Study: Bio-Authentication and PKI Trends in Korea -FIDO Alliance -T...
 

Similar to New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin

FIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonFIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonKi-Eun Shin
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Jaime Ruiz
 
FIDO2の概要と最新状況
FIDO2の概要と最新状況FIDO2の概要と最新状況
FIDO2の概要と最新状況FIDO Alliance
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCloudIDSummit
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of ThingsFIDO Alliance
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialFIDO Alliance
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications OverviewFIDO Alliance
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Alliance
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensForgeRock
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingForgeRock
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...ForgeRock
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusFIDO Alliance
 
Tokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusTokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusFIDO Alliance
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)ForgeRock
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldVMware Tanzu
 

Similar to New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin (20)

FIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG HackathonFIDO Technical Overview at FIDO KWG Hackathon
FIDO Technical Overview at FIDO KWG Hackathon
 
FIDO2 and Microsoft
FIDO2 and MicrosoftFIDO2 and Microsoft
FIDO2 and Microsoft
 
Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005Fido uaf-overview-v1.1-rd-20161005
Fido uaf-overview-v1.1-rd-20161005
 
FIDOAlliance
FIDOAllianceFIDOAlliance
FIDOAlliance
 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & Microsoft
 
FIDO2の概要と最新状況
FIDO2の概要と最新状況FIDO2の概要と最新状況
FIDO2の概要と最新状況
 
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) SpecificationsCIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
CIS14: An Overview of FIDO's Universal Factor (UAF) Specifications
 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication
 
FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things FIDO, Federation and the Internet of Things
FIDO, Federation and the Internet of Things
 
Getting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical TutorialGetting to Know the FIDO Specifications - Technical Tutorial
Getting to Know the FIDO Specifications - Technical Tutorial
 
FIDO Specifications Overview
FIDO Specifications OverviewFIDO Specifications Overview
FIDO Specifications Overview
 
FIDO Authentication Technical Overview
FIDO Authentication Technical OverviewFIDO Authentication Technical Overview
FIDO Authentication Technical Overview
 
Webinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform AwakensWebinar: Identity Wars: The Unified Platform Awakens
Webinar: Identity Wars: The Unified Platform Awakens
 
ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016 ForgeRock Platform Release - Summer 2016
ForgeRock Platform Release - Summer 2016
 
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through ScriptingWebinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
Webinar: Extend The Power of The ForgeRock Identity Platform Through Scripting
 
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
Webinar: Access Management with the ForgeRock Identity Platform - So What’s N...
 
Introduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & StatusIntroduction to the FIDO Alliance: Vision & Status
Introduction to the FIDO Alliance: Vision & Status
 
Tokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and StatusTokyo Seminar: FIDO Alliance Vision and Status
Tokyo Seminar: FIDO Alliance Vision and Status
 
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)Webinar: ForgeRock Identity Platform Preview (Dec 2015)
Webinar: ForgeRock Identity Platform Preview (Dec 2015)
 
An Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices WorldAn Authentication and Authorization Architecture for a Microservices World
An Authentication and Authorization Architecture for a Microservices World
 

More from FIDO Alliance

IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxFIDO Alliance
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxFIDO Alliance
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)FIDO Alliance
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comFIDO Alliance
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向FIDO Alliance
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想FIDO Alliance
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案FIDO Alliance
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察FIDO Alliance
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへFIDO Alliance
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来FIDO Alliance
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO Alliance
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例FIDO Alliance
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスFIDO Alliance
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークFIDO Alliance
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポートFIDO Alliance
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
 

More from FIDO Alliance (20)

IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
 
新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向新しい認証技術FIDOの最新動向
新しい認証技術FIDOの最新動向
 
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想日立PBI技術を用いた「デバイスフリーリモートワーク」構想
日立PBI技術を用いた「デバイスフリーリモートワーク」構想
 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
 
富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案富士通の生体認証ソリューションと提案
富士通の生体認証ソリューションと提案
 
テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察テレワーク本格導入におけるID認証考察
テレワーク本格導入におけるID認証考察
 
「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ「開けゴマ!」からYubiKeyへ
「開けゴマ!」からYubiKeyへ
 
YubiOnが目指す未来
YubiOnが目指す未来YubiOnが目指す未来
YubiOnが目指す未来
 
FIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみたFIDO2導入してみたを考えてみた
FIDO2導入してみたを考えてみた
 
中小企業によるFIDO導入事例
中小企業によるFIDO導入事例中小企業によるFIDO導入事例
中小企業によるFIDO導入事例
 
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセスVPNはもう卒業!FIDO2認証で次世代リモートアクセス
VPNはもう卒業!FIDO2認証で次世代リモートアクセス
 
CloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワークCloudGate UNOで安全便利なパスワードレスリモートワーク
CloudGate UNOで安全便利なパスワードレスリモートワーク
 
数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート数々の実績:迅速なFIDO認証の展開をサポート
数々の実績:迅速なFIDO認証の展開をサポート
 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
 

Recently uploaded

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusZilliz
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbuapidays
 

Recently uploaded (20)

Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

New FIDO Specifications Overview -FIDO Alliance -Tokyo Seminar -Nadalin

  • 1. NEW FIDO SPECIFICATIONS OVERVIEW - STRONG WEB AUTHENTICATION - 12/8/2016 Chief Security Architect, Microsoft FIDO2.0 TWG Co-Chair Anthony J Nadalin All Rights Reserved. FIDO Alliance. Copyright 2016
  • 2. for platforms in ubiquitous environments FIDO All Rights Reserved. FIDO Alliance. Copyright 2016 2
  • 3. What is missing in FIDO today... •Universal distribution of the FIDO technology •Ideally •Every major platform delivers the FIDO API and technology •Web platforms, OS Platforms All Rights Reserved. FIDO Alliance. Copyright 2016 3
  • 4. How will platform support help? • Accelerate mass FIDO adoption • For RP • It’s available on all devices, so incentive to adopt • PC may have an imbedded authenticator (TPM) • For the authenticator vendors • RPs are adopting, all devices want authenticators • Think way back to TCP/IP • Took off when Win95/MacOS integrated it • Compatible browsers appeared on all platforms All Rights Reserved. FIDO Alliance. Copyright 2016 4
  • 5. So what FIDO is doing NOW? • Crafting standards which in future will come built-in in all platforms. • The web platform is special, and the future API needs to be standardized in W3C, hence FIDO liaison with W3C. • The Web API is the first one we standardize and use it to drive other platform (native) specific APIs All Rights Reserved. FIDO Alliance. Copyright 2016 5
  • 6. Goals All Rights Reserved. FIDO Alliance. Copyright 2016 Support for Major Platforms (Browsers, OSs) Chrome IE/Edge Firefox Safari etc. Browsers Windows Android MacOS iOS etc. Web Authentication ServerWeb Authentication Clients/Authenticators 6 OSs
  • 7. Specifications All Rights Reserved. FIDO Alliance. Copyright 2016 • Web API • Key Attestation Format • Signature Format These are submitted to W3C, the international standards organization for the World Wide Web. • CTAP (Client to Authenticator Protocol) Web Platform API specs: Client to Authenticator Protocol: Abstract API calls (in/out) and messages Communication between client and external authenticator *API: Application Programming Interface 7
  • 8. Overview All Rights Reserved. FIDO Alliance. Copyright 2016 User Device OS/Browser (FIDO Client) RP ServerRP App Formats - Signature - Key Attestation W3C Web API FIDO Server Client to Authenticator Protocol Server Authenticator Authenticator *RP: Relying Party OS Platform API OS Platform API 8
  • 9. Web API for Accessing FIDO 2.0 Technology All Rights Reserved. FIDO Alliance. Copyright 2016 Specifies an API that enables web pages to access FIDO 2.0 compliant strong cryptographic technology through Javascript. (1) service request (2) authentication requestJava script calls credential API (3) Request for cryptographic operation Scoped Credential information required for authentication (private key) (instead of password) Authenticator (5) Response with cryptographic proof (4) User gesture allows cryptographic operations Browser Server User 9
  • 10. Use Case for Web API (1) All Rights Reserved. FIDO Alliance. Copyright 2016 (2) registration request (3) Request for Scoped Credential creation (5) Response with Scoped Credential information (public key, attestation, client data (with signature), etc.) (4) Scoped Credential creation Registration of authenticator Java script calls credential API “Do you want to register this device (authenticator) with server?” - User gesture - Authorize creating a key pair 10 (1) service request Authenticator Private key ServerBrowser User public key
  • 11. “Do you want to authenticate using this device (authenticator)?” - User gesture - Authorize using an existing credential Use Case for Web API (2) All Rights Reserved. FIDO Alliance. Copyright 2016 (1) service request (2) authentication request (5) Response with assertion (signed challenge + other data) (4) Credential discoveryPrivate key Authentication using registered authenticator Java script calls credential API (3) Request for authentication 11 (1) service request Authenticator Private key Public key ServerBrowser User
  • 12. Browser Responsibilities • Compose messages for operations • Provide origin and RP IDs • Compute client data hashes • Process extensions • Provide UI for authenticators that lack the ability • Error handling / housekeeping All Rights Reserved. FIDO Alliance. Copyright 2016 12
  • 13. Authenticator Responsibilities • Perform operations • Obtain user gesture if needed: consent button, password, PIN, a biometric... • Process extensions • e.g. show and sign message for transaction auth • Provide Attestation(s) All Rights Reserved. FIDO Alliance. Copyright 2016 13
  • 14. API Details • makeCredential: key generation with attestation • used to register new keypair with RP • getAssertion: authentication • mixes in state like facet id, token-binding id • also: key discovery (for “typeless” authentication) All Rights Reserved. FIDO Alliance. Copyright 2016 14
  • 15. Key Attestation Format • Defines generic data structures that cover the semantics of FIDO various authenticator attestation formats. • Authenticator asserts the trust of a private key that it maintains. • Provides profiles such as TPM, Android, etc. All Rights Reserved. FIDO Alliance. Copyright 2016 15
  • 16. Signature Format • Proves possession of a private key of a FIDO 2.0 credential and asserts contextual information about the client and authenticator that generated it. • Client data allows other information to be bound to signature All Rights Reserved. FIDO Alliance. Copyright 2016 16
  • 17. High Level Operations All Rights Reserved. FIDO Alliance. Copyright 2016 17
  • 18. High Level Operations All Rights Reserved. FIDO Alliance. Copyright 2016 18
  • 19. Web Authentication API Example All Rights Reserved. FIDO Alliance. Copyright 2016 /* Verify platform is capable. Handle error if not. */ } var userAccountInformation = { rpDisplayName: "Acme", displayName: "John P. Smith", name: "johnpsmith@example.com", id: "1098237235409872", imageURL: "https://pics.acme.com/00/p/aBjjjpqPb.png" }; var cryptoParams = [{type: "ScopedCred", algorithm: "ES256"}, {type: "ScopedCred", algorithm: "RS256"}]; var challenge = "Y2xpbWIgYSBtb3VudGFpbg"; var timeoutSeconds = 300; // 5 minutes var blacklist = []; // No blacklist var extensions = {}; // No extensions // Note: The following call will cause the authenticator to display UI. window.webauthnAPI.makeCredential(userAccountInformation, cryptoParams, challenge, timeoutSeconds, blacklist, extensions) .then(function (newCredentialInfo) { // Send new credential info to server for verification and registration. }).catch(function (err) { // No acceptable authenticator or user refused consent. Handle appropriately. }); 19
  • 20. Browser Operations All Rights Reserved. FIDO Alliance. Copyright 2016 20
  • 21. Authenticator Operations All Rights Reserved. FIDO Alliance. Copyright 2016 21
  • 22. Authenticator Operations All Rights Reserved. FIDO Alliance. Copyright 2016 22
  • 23. CTAP (Client to Authenticator Protocol) All Rights Reserved. FIDO Alliance. Copyright 2016 Java script calls for credential (3) Request for cryptographic operation External Authenticator browser (4) credential creation/discovery Private key User device Transport binding for USB/BLE/NFC located outside of user device • Describes an application layer protocol for communication between an external authenticator and another client/platform. • Can be run over a variety of transport protocols using different physical media. User 23
  • 24. Use Case for CTAP All Rights Reserved. FIDO Alliance. Copyright 2016 Example) Authentication for an application on PC using a smartphone Private key BLE User can choose an external authenticator that is used to authenticate himself for applications running on his multiple clients across devices. Public key Server PC (Client) Smartphone (external authenticator) User FIDO Authentication 24
  • 25. Current Timeline • W3C Web Authentication Specification • Candidate Recommendation 1Q2017 • FIDO Client to Authenticator Protocol • Implementation draft 1Q2017 All Rights Reserved. FIDO Alliance. Copyright 2016 25
  • 26. Summary • FIDO authentication • Authenticators are pluggable, using public key cryptography. • FIDO 1.X deployments have enabled FIDO ecosystem in market. • FIDO 2.0: for platforms (Web Platform and OS Platforms) natively supporting FIDO • Web Platform APIs: submitted to W3C • CTAP enables client authentication using external authenticator. All Rights Reserved. FIDO Alliance. Copyright 2016 FIDO continues to expand its ecosystem to support authentication in ubiquitous computing with FIDO 2.0. 26
  • 27. Specification References • W3C Web Authentication Specification Latest Draft http://www.w3.org/TR/2016/WD-webauthn-20160902/ • FIDO Client to Authenticator Protocol https://fidoalliance.org/specs/fido-v2.0-rd-20161004/fido- client-to-authenticator-protocol-v2.0-rd-20161004.pdf All Rights Reserved. FIDO Alliance. Copyright 2016 27
  • 28. Thank you for your attention! All Rights Reserved. FIDO Alliance. Copyright 2016 28
  • 29. Acknowledgement • Thank FIDO Alliance members especially FIDO 2.0 Technology Working Group members. • Thank W3C for the collaboration. • Thank Dr. Gomi’s and his presentation for FIDO Tokyo Seminar 2015. All Rights Reserved. FIDO Alliance. Copyright 2016 29
  • 30. All Rights Reserved. FIDO Alliance. Copyright 2016 30
  • 31. All Rights Reserved. FIDO Alliance. Copyright 2016. 31 Please Silence All Electronic Devices