FIDO & PSD2 – Achieving Strong Customer Authentication Compliance

Keycloak supports WebAuthn and FAPI by implementing their features and passing conformance tests. Hitachi contributed WebAuthn support and worked with NRI to add FAPI compliance, addressing issues like supporting newer signature algorithms and the PKCE protocol. Further contributions are welcomed to resolve remaining FAPI test issues.

APPS Japan 2019 FIDOアライアンス ボードメンバー / （株）NTTドコモ FIDO Japan WG座長 / プロダクト部 プロダクトイノベーション担当部長 森山　光一 FIDOアライアンス ボードメンバー / ヤフー（株） ID・セキュリティユニット / パスワードレス プロジェクトマネージャー 酒井　公希 https://forest.f2ff.jp/introduction?event_ids[]=4&project_id=1&action=search&e=apps

OAuth and OpenID Connect are the two most important security specs that API providers need to be aware of. In this session, Travis Spencer, CEO of Curity, will cram in as much about these two protocols as will fit into 20 minutes.

The document discusses the FIDO2 authentication process for creating and using passkeys across multiple devices. It describes creating a passkey for a banking app on Android, then signing into the same banking app on Windows and macOS using the passkey from Android. This involves scanning a QR code to link devices, performing user verification on each device, and having the passkey detected and stored locally on each new platform using the respective authentication method (Windows Hello, macOS, etc).

This document provides an overview and example of getting started with WebAuthn. It discusses the WebAuthn specification and terminology. It then demonstrates how to set up sample code to handle WebAuthn registration and login requests and responses. Specifically, it shows the structure of registration and login options that are sent to clients, and the credential responses that are returned, including parsing the response details. Key areas like challenges, credentials, attestation, and extensions are described. The document aims to help attendees understand how WebAuthn works at a high level and see an example implementation.

John Bradley, Ping Identity, gave this presentation at the AllSeen Alliance's Partner Programme at Mobile World Congress 2015. About Ping Identity: Ping Identity provides next-generation identity security solutions. With more than 1,200 enterprise customers worldwide, including half of the Fortune 100, Ping Identity delivers professional-grade identity security solutions that meet the needs of organizations managing workforce, customer, and partner identities. Identity at Internet scale is a concept that will be required as the industry builds services that encompass billions of connected devices and identities.

Rolf Lindemann, Senior Director of Products & Technology at Nok Nok Labs, Inc., offers an in-depth FIDO U2F&UAF Tutorial.

This document provides a summary of a presentation on passwordless authentication and the role of the FIDO Alliance. It begins with statistics showing the increasing costs and impacts of cyberattacks targeting financial services. The presentation then discusses predictions that phishing attacks and MFA bypass attacks will continue to grow. However, it also predicts that enterprise passwordless deployments and consumer-ready solutions will increase rapidly. The rest of the presentation focuses on the FIDO Alliance's work to develop open standards for simpler and stronger authentication using public key cryptography and possession-based credentials like "passkeys." It discusses growing browser, platform and government support for FIDO and the Alliance's initiatives to further improve usability while maintaining security, such as new guidelines

- FIDO2 is a passwordless authentication standard that uses public key cryptography instead of passwords - It involves an initial registration process where a public/private key pair is created and the public key is associated with the user's account - Authentication then involves validating the signature from the private key without exposing any secrets - FIDO2 supports various form factors beyond USB keys like mobile devices and provides stronger security than passwords

What is a Verifiable Credential, and Why Does it Matter? https://identiverse.com/idv2022/session/841421/ "A verifiable credential (VC) is an assertion with a secret weapon – called a verifiable presentation (VP). VCs and VPs are unique in that they enable users to directly hold and present claims about themselves, issued by many different authorities. This is an important addition to the domain-relative credentials that are presented today as part of federated sign-in or SSO contexts. You may ask – why is that direct presentation important? Kristina Yasuda will talk through how VCs and VPs work, what makes VCs different from common federated credentials, and what VCs could change about how we interact with data in the future."

Self-sovereign identity (SSI) is a new identity model that gives the user control and ownership over her data. To dive into what this means and the benefits it offers, Evernym's Andy Tobin gave a webinar on October 17, 2019 introducing the topic of self-sovereign identity and its role in transforming customer experiences and unlocking competitive advantage.

Prepared for OAuth & OIDC 勉強会 (FAPI & CIBA 特集!) https://authlete.connpass.com/event/122946/

This document discusses the growing adoption of FIDO authentication standards for passwordless, phishing-resistant multi-factor authentication. It predicts that in 2022, enterprise passwordless deployments will grow rapidly as mobile platforms provide consumer-ready solutions at scale. The document outlines how FIDO specifications offer simpler and stronger authentication using public key cryptography backed by major technology companies. It notes that over 5 billion devices now support FIDO and more than 150 million people are using passwordless methods each month. Government policies are evolving to recognize FIDO authentication as the preferred choice and gold standard for phishing-resistant multi-factor authentication.

What are decentralized identifiers (DIDs), how do they enable self-sovereign identity, and what does W3C standardization mean for interoperability and adoption? Evernym's Drummond Reed and Brent Zundel discussed all this and more on our Sep 26, 2019 webinar.

OpenID BizDay #15 講演資料 KYC ワーキンググループ成果発表①：次世代 KYC に関する検討状況

This document discusses digital identity wallets and their potential benefits for banks. Digital identity wallets allow individuals to store credentials that can be securely and privately shared with organizations to verify attributes like identity, age, membership status. They minimize data collection and use privacy techniques. Banks could use them to streamline know-your-customer processes, replace passwords with secure authentication, and improve customer experiences through personalized services and messaging. The technology relies on cryptographic proofs and keeping data decentralized and off-chain for privacy and security according to global standards like GDPR.

The document discusses selecting authenticators for FIDO2 registration. It provides an overview of the FIDO2 registration process and the steps involved. It describes using the Authenticator Attestation Identifier (AAGUID) to identify the authenticator model and obtaining additional metadata from the FIDO Metadata Service (MDS). The MDS can provide details about authenticators, including how user verification and key protection are implemented. Selecting authenticators allows relying parties to control which devices can be used for authentication.

1) The FIDO Alliance authentication certification program evaluates and certifies authenticators at different security levels to create trust between relying parties and authenticators. 2) Higher certification levels provide defenses against more sophisticated attacks, with Level 3+ providing the highest security against physical attacks on authenticator devices. 3) The certification process involves security reviews and penetration testing conducted by accredited laboratories. Companion certification programs can reduce the cost and time of certification for vendors.

The document discusses technical principles of FIDO authentication. It provides an overview of how FIDO works, including the FIDO ecosystem with authenticators, clients, servers and relying parties. It also summarizes the FIDO registration and authentication processes, which separate user verification from authentication through the use of public and private keys.

An overview of the technical principles of the FIDO Authentication specifications for online authentication.

A detailed look at FIDO Authentication, how FIDO works, FIDO & federation, attestation and meta data, and more.

A detailed, technical look at the FIDO specifications including the use cases, registration, authentication and fundamentals of FIDO.

The document discusses FIDO Alliance's efforts to create simpler and stronger authentication standards to replace passwords. It provides an overview of FIDO authentication, including how it works, adoption rates, and certification programs. It also summarizes the Alliance's work in identity verification, binding, and FIDO Device Onboarding to fill gaps and further the passwordless vision.

Brett McDowell, the Executive Director of the FIDO Alliance, gave a presentation on the vision and status of the FIDO Alliance in Tokyo. The presentation discussed how authentication is a major problem, how over 250 organizations are working together through the FIDO Alliance to solve this problem, and the FIDO Alliance's mission to create simpler and stronger authentication standards using public key cryptography. It provided an overview of how old and FIDO authentication works, the specifications roadmap, growing certification programs, and support across platforms. In closing, McDowell announced news of expanded FIDO support on Android 8.0 devices and a new FIDO certified implementation from NTT DOCOMO.