SlideShare a Scribd company logo

Securing a Web App with Security Keys

โ€ข
โ€ข
FIDO Alliance
FIDO Alliance

A tutorial for developers on how to implement passwordless authentication for web apps utilizing FIDO security keys.

Internet
1 of 37
Download to read offline
1 ยฉ2019Yubico ยฉ 2019 Yubico Securing a Web App with Passwordless Web Authentication Add WebAuthn to an existing web app
2 ยฉ2019Yubico โ— Workshop Overview โ—‹ What is passwordless authentication โ—‹ Security Key as the Root of Trust โ—‹ What to expect and what youโ€™ll need to get started โ— Overview of Yubicoโ€™s java-webauthn-server architecture โ—‹ Credential repository โ—‹ Registering credentials โ—‹ Authenticating credentials โ— Best practices โ— Start coding! Agenda
3 ยฉ2019Yubico โ— Strong MFA โ—‹ WebAuthn offers a strong Multi-Factor Authentication framework to minimize or replace the use of passwords with scoped public key-based credentials that are resistant to phishing, replay, and server breach attacks. โ— Passwordless Auth enabled by โ—‹ W3C Webauthn + FIDO2 Client to Authenticator Protocol version 2.0 (CTAP2) specs and resident credentials. โ— Resident Credentials โ—‹ Authenticator not only store the private key but also a user handle. The server can associate the user handle with an identity for authentication. What is Passwordless Authentication with WebAuthn?
4 ยฉ2019Yubico Security Keys as Root of Trust Anchoring FIDO2 / WebAuthn credentials in a root of trust is the cornerstone for building a secure identity model โ— A hardware-backed root of trust strengthens the account lifecycle โ—‹ Authentication, Step-Up Authentication, Account Recovery, Bootstrapping New Devices โ— An external authenticator, as the root of trust, is the anchor that creates a chain of trust with the internal authenticator โ—‹ Recording the authenticator used to register other authenticators creates a chain of trust that can be audited at a later date
5 ยฉ2019Yubico Passwordless Migration Strategy 4. Eliminate Passwords 3. Transition users to passwordless deployment 2. Minimize use of passwords in user flows 1. Deploy the WebAuthn / FIDO2 credential management system across the account lifecycle
6 ยฉ2019Yubico Learn how to implement passwordless authentication for web apps using: โ— Yubico WebAuthn Server Libraries โ— Spring Framework โ— Client to Authenticator Protocol Version 2.0 Compatible Browser โ—‹ Resident Credentials โ— FIDO2 Security Key What to expect from this workshop
7 ยฉ2019Yubico Some knowledge of: โ— Java โ— Spring Framework โ— JavaScript โ— WebAuthn API โ—‹ Browser with resident credential capability โ— Security Keys โ—‹ YubiKey Manager to reset FIDO credentials after workshop You need
8 ยฉ2019Yubico This workshop is split into multiple modules. Each module builds upon the previous module as you expand the application. You must complete each module before proceeding to the next. 1. Getting Started Instructions 2. Implement a Credential Repository 3. Implement WebAuthn Registration REST Endpoints 4. Implement WebAuthn Authentication REST Endpoints 5. Clean Up Instructions Workshop Modules
9 ยฉ2019Yubico This workshop can either be completed locally or in the cloud. โ— Instructions for running in the Azure Cloud Shell are included. If you already have a subscription you can use it or you can get a free trial. Azure Cloud Shell has all of the prerequisites already installed. โ— If you prefer a different cloud development environment, feel free to use it instead. Prerequisites: โ— Git โ— JDK 1.8+ โ— Maven 3.2+ โ— FIDO2 compatible platform / browser โ—‹ MacOS: Safari Technology Preview version 71+ โ—‹ Windows 10 version 1809+ with Edge โ— Your preferred text editor or IDE โ— A security key Development Environment
10 ยฉ2019Yubico โ— Enable the Develop Menu โ—‹ Choose Safari > Preferences, and click Advanced. โ—‹ At the bottom of the pane, select the โ€œShow Develop menu in menu barโ€ checkbox. โ— Enable Web Authentication Experimental Feature โ—‹ Choose Safari > Develop > Experimental Features โ—‹ Verify โ€œWeb Authenticationโ€ is checked โ— Private Window โ—‹ Running a web app on https://localhost:8443 may require using new private window โ— No Security Key PIN Support โ—‹ Security keys with a PIN set may not work with Safari yet. โ—‹ You can reset a security key back to factory default settings with the YubiKey Manager. Warning: A reset will remove all FIDO credentials. macOS Safari TP Tips
11 ยฉ2019Yubico Start by cloning the repository โ— git clone https://github.com/elukewalker/PasswordlessWorkshop Getting Started
12 ยฉ2019Yubico WebAuthn Application Architecture WebAuthn API in Browser Client/Platform CTAP1 and/or CTAP2 Server-Side App Relying Party WebAuthn Server WebAuthn Platform Auth API Internal Authenticator External Authenticator User Store External Metadata Services Register and Authenticate Client-Side JS Attestation Trust Store
13 ยฉ2019Yubico WebAuthn Demo Server Data Flow Browser API Server app logic Core librarystartRegistration() startAuthentication() PublicKeyCredentialCreationOptions PublicKeyCredentialRequestOptions Client side JS Encode to JSON Decode JSON navigator.credentials .create() .get() Encode to JSON Decode JSON finishRegistration() finishAssertion() UserIdentity PublicKeyCredential RegistrationResult AssertionResult Generate challenge etc. Handle result Inform user Validation logic
14 ยฉ2019Yubico Yubico/java-webauthn-server webauthn-server-core/ โ— Entity Data Model โ—‹ Assertion Request โ—‹ Assertion Result โ—‹ Attestation Object โ—‹ Authenticator Response โ—‹ Public Key Credential โ—‹ Public Key Credential Creation and Request Options โ—‹ Registration Result โ—‹ User Identity โ—‹ Attestation โ— Data Providers โ—‹ Credential Repository โ—‹ Metadata Service โ— Methods โ—‹ Registration โ—‹ Authentication โ—‹ Authenticated Actions
15 ยฉ2019Yubico WebAuthn Demo Server Architecture REST API HTTP/JSON translation Entities Registration Authentication Registration storage Persistent state Entry Points WebAuthn-Server-Core Data Providers DB Server layer Transient state (stateless) Metadata lookup DB External servicesConfiguration Constructor parameters Not included in workshop
16 ยฉ2019Yubico Application logic Core Library internal structure DB DB External services Constructor parameters Start operation UserIdentity PKCCreationOptions PKCRequestOptions Registration storage Metadata source Operation settings Challenge generator Finish operation Class RelyingParty PublicKeyCredential RegistrationResult AssertionResult
17 ยฉ2019Yubico What you need to provide โ— Storage for requests (temporary) โ—‹ Completely external to the library โ—‹ Library simply returns request objects โ—‹ finish* methods expect them to be passed back in โ— Storage for credentials (persistent) โ—‹ Library requires an adapter object (CredentialRepository) โ—‹ Library only looks credentials up โ—‹ You need to save new registrations to the DB โ— (Optional) Additional authenticator metadata sources โ—‹ In the future, the library will include a FIDO Metadata Service connector โ—‹ Optional module with Yubico device metadata as static files
18 ยฉ2018Yubico ยฉ 2018 Yubico Registration Walkthrough
19 ยฉ2019Yubico rp: relying party data. name is required. If id is left out then origins effective domain is used user: identity data. name, displayName (user friendly), and id (userHandle) are required challenge: contains challenge for generating the newly created credentialโ€™s attestationObject pubKeyCredParams: desired properties of credential to be created. type: only one type: โ€œpublic-keyโ€. alg: crypto signature algorithm preference excludeCredentials: limits creation of multiple creds for same account on a single authenticator. Credential descriptor includes cred type and cred id authenticatorSelection: specify authenticator requirements. When the requireResidentKey is true the authenticator must create a client side resident private key. userVerification can be โ€œpreferredโ€, โ€œrequiredโ€, or โ€œdiscouragedโ€ attestation: attestation conveyance preference. Default is โ€œnoneโ€. โ€œdirectโ€ indicates the rp wants to receive the attestation statement. โ€œindirectโ€ indicates prefers an attestation statement Public Key Credential Creation Options
20 ยฉ2019Yubico Registration Sequence hash(rpId), id, kpub , s, Apub id, clientData, attestationObject Verify origin Verify challenge Check Apub trust Check s using Apub Register kpub , id and userHandle Generate key pair (kpriv , kpub ) for rpId and sign c and kpub after User Presence/ Veri๏ฌcation hash(challenge, origin) clientData signature(hash(rpId) || id || kpub || c, Apriv ) Validate rpId against originrpId, c, userHandle Client Relying PartyAuthenticator attestationObject rpId, userHandle, challenge
21 ยฉ2019Yubico Start Registration Diagram username, displayName, credNickname REST API Start Registration Challenge Generator Registration Request challenge username, credNickname User Identity username, displayName Exclude Credentials Extensions RelyingParty Start Registration PublicKeyCredentialCreationOptions Register Request Storage return RegistrationRequest to client as JSON Credential Repository
22 ยฉ2019Yubico Credential Create Response โ€œauthDataโ€:... โ€œfmtโ€:โ€œpackedโ€ โ€œattStmtโ€:... attestationObject RP ID Hash Flags Counter Att. Cred Data Extensions AAGUID L Cred. ID Cred Public Key Authenticator Data โ€œalgโ€: ... โ€œsigโ€: ... โ€œx5cโ€: ... Attestation Statement โ€œalgโ€: ... โ€œsigโ€: ... โ€œecdaaKeyIdโ€: ... If Basic or Privacy CA If ECDAA Refer to W3C Web Authentication API for more details on attestation statements ED AT: 1 UV UP: 1
23 ยฉ2019Yubico Finish Registration Diagram JSON response REST API Finish Registration Credential Registration Registration Response Register Request Storage Registration Request Caller Token Binding Id RelyingParty Finish Registration Credential Repository addRegistration Registration Result Successful Registration Result Performs registration validation steps Returned to client Get by id and invalidate
24 ยฉ2019Yubico Registration Recap 1. Client calls startRegistration() endpoint โ—‹ With userName, displayName, and credentialNickname args 2. Relying Party generates RegistrationRequest โ—‹ With userName, credentialNickname, and PublicKeyCredentialCreationOptions 3. Client calls navigator.credentials.create() โ—‹ With data from the RegistrationRequest 4. Client calls finishRegistration() endpoint โ—‹ With authenticatorAttestationResponse JSONObject 5. Relying Party verifies attestation signature โ—‹ After validation, add user and associated credential to the credential repository
25 ยฉ2018Yubico ยฉ 2018 Yubico Authentication Walkthrough
26 ยฉ2019Yubico challenge: contains challenge that the authenticator signs as part of the authentication assertion rpId: relying party identifier claimed by the caller allowCredentials: list of public key credentials acceptable to the caller, can be omitted for username-less authentication. type: only one type: โ€œpublic-keyโ€. id: credential Id of the public key credentials userVerification: the default is โ€œpreferredโ€. Can also be set to โ€œrequiredโ€ or โ€œdiscouragedโ€ Public Key Credential Request Options
ยฉ2018Yubico Authentication Sequence First factor mode Client Relying Party id, rpId, challenge id, hash(rpId), s, clientData, userHandle Find user with id or userHandle Check id Check s using kpub Verify origin Verify challenge Authenticator signature(hash(rpId) || c, kpriv ) Validate rpId against origin hash(challenge, origin) clientData id, rpId, c Retrieve kpriv for rpId Sign c after User Presence/ Veri๏ฌcation id, hash(rpId), s, userHandle
28 ยฉ2019Yubico Start Authentication Diagram username REST API Start Authentication Challenge Generator Assertion Request challenge username RelyingParty Start Assertion Credential Repository username Extensions PublicKeyCredentialRequestOptions Assertion Request Storage return AssertionRequest to client as JSON Get credentials by username
29 ยฉ2019Yubico Client - Get Credential Response โ€œauthDataโ€: ... โ€œclientDataJSONโ€: ... โ€œsignatureโ€: ... Authenticator Assertion Response RP ID Hash Flags Counter Extensions Authenticator Data ED AT: 0 UV UP: 1 โ€œuserHandleโ€: ...
30 ยฉ2019Yubico Finish Authentication Diagram JSON response REST API Finish Authentication Successful Authentication Result Assertion Response Assertion Request Caller Token Binding Id RelyingParty Finish Assertion Credential RepositoryUpdate signature count Assertion Result Performs authentication validation steps Returned to client Get by id and invalidate Assertion Request Storage Credential Repository Get credentials by userHandle
31 ยฉ2019Yubico Authentication Recap 1. Client calls startAuthentication() endpoint โ—‹ With (or without) userName 2. Relying Party generates AssertionRequest โ—‹ With userName, and PublicKeyCredentialRequestOptions 3. Client calls navigator.credentials.get() โ—‹ With data from the AssertionRequest 4. Client calls finishAuthentication() endpoint โ—‹ With authenticatorAssertionResponse JSONObject 5. Relying Party verifies signature โ—‹ After validation, authentication is successful
32 ยฉ2019Yubico Best Practices โ— Store the verbatim attestation object โ—‹ Enables future re-evaluation of trust โ— Allow registering more than one credential per account โ—‹ Consider allowing credential nicknames โ— Weigh pros vs cons of requiring attestation โ—‹ Pros: โ€’ Higher assurance โ—‹ Cons: โ€’ Maintenance for attestation trust store โ€’ Compatibility issues for unknown/new authenticators (not in attestation trust store) โ— Security and Privacy Considerations โ—‹ Refer to W3C Web Authentication API spec https://www.w3.org/TR/webauthn/#security-considerations
33 ยฉ2019Yubico Recap โ— Anchoring resident credentials on roaming authenticators can enable passwordless authentication scenarios โ— Yubicoโ€™s java-webauthn-core library provides the entities and validation logic to integrate Web Authentication into server-side applications โ— Attestation can be stored and looked up to build a chain of trust and provide high assurance authentication โ— Build a UI that enables users to register multiple authenticators
34 ยฉ2019Yubico Resources โ— Workshop โ—‹ https://github.com/elukewalker/PasswordlessWorkshop โ— FIDO2/WebAuthn Developer Guide โ—‹ https://developers.yubico.com/FIDO2/FIDO2_WebAuthn_Developer_Guide/ โ— Java WebAuthn Server โ—‹ https://github.com/Yubico/java-webauthn-server โ— Yubico Developer Videos โ—‹ https://www.yubico.com/why-yubico/for-developers/developer-videos/ โ— W3C Web Authentication API โ—‹ https://www.w3.org/TR/webauthn โ— FIDO Client to Authenticator Protocol V 2.0 โ—‹ https://fidoalliance.org/specifications/download/
35 ยฉ2019Yubico yubi.co/devs Workshops, Webinars, Documentation, Implementation Guides, Reference Code, APIs, SDKs Yubico Developer Program
36 ยฉ2019Yubico Raise your hand if you need help Workshop repository https://github.com/elukewalker/PasswordlessWorkshop Questions?
37 ยฉ2019Yubico ยฉ 2019 Yubico

Recommended

Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
ย 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyHaniyama Wataru
ย 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
ย 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
ย 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & MicrosoftFIDO Alliance
ย 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
ย 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
ย 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
ย 

Recommended

Securing a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationSecuring a Web App with Passwordless Web Authentication
Securing a Web App with Passwordless Web AuthenticationFIDO Alliance
ย 
U2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyU2F/FIDO2 implementation of YubiKey
U2F/FIDO2 implementation of YubiKeyHaniyama Wataru
ย 
Developer Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidDeveloper Tutorial: WebAuthn for Web & FIDO2 for Android
Developer Tutorial: WebAuthn for Web & FIDO2 for AndroidFIDO Alliance
ย 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
ย 
FIDO2 & Microsoft
FIDO2 & MicrosoftFIDO2 & Microsoft
FIDO2 & MicrosoftFIDO Alliance
ย 
Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication Technical Considerations for Deploying FIDO Authentication
Technical Considerations for Deploying FIDO Authentication FIDO Alliance
ย 
FIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO2 Specifications Overview
FIDO2 Specifications OverviewFIDO Alliance
ย 
FIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Workshop-Demo Breakdown.pptx
FIDO Workshop-Demo Breakdown.pptxFIDO Alliance
ย 
FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
ย 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
ย 
Spring Security Patterns
Spring Security PatternsSpring Security Patterns
Spring Security PatternsVMware Tanzu
ย 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
ย 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5Jesus Perez Franco
ย 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
ย 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
ย 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
ย 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
ย 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
ย 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting JenkinsBrian Hysell
ย 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn TutorialFIDO Alliance
ย 
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ขแ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ขbeom kyun choi
ย 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
ย 
OpenID Connectๅ…ฅ้–€
OpenID Connectๅ…ฅ้–€OpenID Connectๅ…ฅ้–€
OpenID Connectๅ…ฅ้–€ๅœŸๅฒ ๅญๅนณ
ย 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case StudyFIDO Alliance
ย 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?Thomas Konrad
ย 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
ย 
WebAuthn
WebAuthnWebAuthn
WebAuthnKelley Robinson
ย 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security KeysFIDO Alliance
ย 
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakHitachi, Ltd. OSS Solution Center.
ย 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018MOnCloud
ย 

More Related Content

What's hot

FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Alliance
ย 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthnFIDO Alliance
ย 
Spring Security Patterns
Spring Security PatternsSpring Security Patterns
Spring Security PatternsVMware Tanzu
ย 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO AuthenticationFIDO Alliance
ย 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO Alliance
ย 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxFIDO Alliance
ย 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication APIFIDO Alliance
ย 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2FIDO Alliance
ย 
Spring Security
Spring SecuritySpring Security
Spring SecurityKnoldus Inc.
ย 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting JenkinsBrian Hysell
ย 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn TutorialFIDO Alliance
ย 
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ขแ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ขbeom kyun choi
ย 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
ย 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case StudyFIDO Alliance
ย 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?Thomas Konrad
ย 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - IntroductionKnoldus Inc.
ย 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security KeysFIDO Alliance
ย 

What's hot (20)

FIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for AllFIDO Authentication: Unphishable MFA for All
FIDO Authentication: Unphishable MFA for All
ย 
Getting Started With WebAuthn
Getting Started With WebAuthnGetting Started With WebAuthn
Getting Started With WebAuthn
ย 
Spring Security Patterns
Spring Security PatternsSpring Security Patterns
Spring Security Patterns
ย 
Google & FIDO Authentication
Google & FIDO AuthenticationGoogle & FIDO Authentication
Google & FIDO Authentication
ย 
Spring Security 5
Spring Security 5Spring Security 5
Spring Security 5
ย 
FIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & TutorialFIDO U2F Specifications: Overview & Tutorial
FIDO U2F Specifications: Overview & Tutorial
ย 
IBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptxIBM: Hey FIDO, Meet Passkey!.pptx
IBM: Hey FIDO, Meet Passkey!.pptx
ย 
Web Authentication API
Web Authentication APIWeb Authentication API
Web Authentication API
ย 
Getting Started with FIDO2
Getting Started with FIDO2Getting Started with FIDO2
Getting Started with FIDO2
ย 
Spring Security
Spring SecuritySpring Security
Spring Security
ย 
Intro to Pentesting Jenkins
Intro to Pentesting JenkinsIntro to Pentesting Jenkins
Intro to Pentesting Jenkins
ย 
Webauthn Tutorial
Webauthn TutorialWebauthn Tutorial
Webauthn Tutorial
ย 
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ขแ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
แ„‰แ…ณแ„‘แ…ณแ„…แ…ตแ†ผ แ„‰แ…ตแ„แ…ฒแ„…แ…ตแ„แ…ต แ„€แ…ฎแ„Œแ…ฉ แ„‹แ…ตแ„’แ…ข
ย 
Spring Security
Spring SecuritySpring Security
Spring Security
ย 
OpenID Connectๅ…ฅ้–€
OpenID Connectๅ…ฅ้–€OpenID Connectๅ…ฅ้–€
OpenID Connectๅ…ฅ้–€
ย 
Google FIDO Authentication Case Study
Google FIDO Authentication Case StudyGoogle FIDO Authentication Case Study
Google FIDO Authentication Case Study
ย 
WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?WebAuthn - The End of the Password As We Know It?
WebAuthn - The End of the Password As We Know It?
ย 
OAuth2 - Introduction
OAuth2 - IntroductionOAuth2 - Introduction
OAuth2 - Introduction
ย 
WebAuthn
WebAuthnWebAuthn
WebAuthn
ย 
WebAuthn and Security Keys
WebAuthn and Security KeysWebAuthn and Security Keys
WebAuthn and Security Keys
ย 

Similar to Securing a Web App with Security Keys

DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakHitachi, Ltd. OSS Solution Center.
ย 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018MOnCloud
ย 
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...Hitachi, Ltd. OSS Solution Center.
ย 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...Ganesh Kumar
ย 
Future-proofing Authentication with Passkeys
Future-proofing Authentication with PasskeysFuture-proofing Authentication with Passkeys
Future-proofing Authentication with PasskeysNordic APIs
ย 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseBahman Kalali
ย 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0 marcwan
ย 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee | Google Cloud
ย 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0marcwan
ย 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerNovell
ย 
validation of user credentials in social network by using Django backend aut...
validation of user credentials in social network by using Django backend aut...validation of user credentials in social network by using Django backend aut...
validation of user credentials in social network by using Django backend aut...izzatisholehah
ย 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...APIsecure_ Official
ย 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Hitachi, Ltd. OSS Solution Center.
ย 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
ย 
Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...WSO2
ย 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicHarihara sarma
ย 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesIntuit Developer
ย 
Cloud and On Premises Collaboration Security Explained
Cloud and On Premises Collaboration Security ExplainedCloud and On Premises Collaboration Security Explained
Cloud and On Premises Collaboration Security ExplainedCisco Canada
ย 

Similar to Securing a Web App with Security Keys (20)

DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloakDevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
DevConf.CZ 2020 @ Brno, Czech Republic : WebAuthn support for keycloak
ย 
Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018Microservices security - jpmc tech fest 2018
Microservices security - jpmc tech fest 2018
ย 
What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...What API Specifications and Tools Help Engineers to Construct a High-Security...
What API Specifications and Tools Help Engineers to Construct a High-Security...
ย 
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
A Detailed Guide to Securing React applications with Keycloak - WalkingTree ...
ย 
Future-proofing Authentication with Passkeys
Future-proofing Authentication with PasskeysFuture-proofing Authentication with Passkeys
Future-proofing Authentication with Passkeys
ย 
Integrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use caseIntegrating Okta with Anypoint Platform for a mobile security use case
Integrating Okta with Anypoint Platform for a mobile security use case
ย 
OAuth 2.0
OAuth 2.0 OAuth 2.0
OAuth 2.0
ย 
WebAuthn & FIDO2
WebAuthn & FIDO2WebAuthn & FIDO2
WebAuthn & FIDO2
ย 
Apigee Edge: Intro to Microgateway
Apigee Edge: Intro to MicrogatewayApigee Edge: Intro to Microgateway
Apigee Edge: Intro to Microgateway
ย 
KubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdfKubeConRecap_nakamura.pdf
KubeConRecap_nakamura.pdf
ย 
AdWords API and OAuth 2.0
AdWords API and OAuth 2.0AdWords API and OAuth 2.0
AdWords API and OAuth 2.0
ย 
Exploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access ManagerExploring Advanced Authentication Methods in Novell Access Manager
Exploring Advanced Authentication Methods in Novell Access Manager
ย 
validation of user credentials in social network by using Django backend aut...
validation of user credentials in social network by using Django backend aut...validation of user credentials in social network by using Django backend aut...
validation of user credentials in social network by using Django backend aut...
ย 
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
2022 APIsecure_Why Assertion-based Access Token is preferred to Handle-based ...
ย 
Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?Why Assertion-based Access Token is preferred to Handle-based one?
Why Assertion-based Access Token is preferred to Handle-based one?
ย 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
ย 
Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...Setting the Foundation for Digital Transformation Through API Management and ...
Setting the Foundation for Digital Transformation Through API Management and ...
ย 
Configuring kerberos based sso in weblogic
Configuring kerberos based sso in weblogicConfiguring kerberos based sso in weblogic
Configuring kerberos based sso in weblogic
ย 
OAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST ServicesOAuth for QuickBooks Online REST Services
OAuth for QuickBooks Online REST Services
ย 
Cloud and On Premises Collaboration Security Explained
Cloud and On Premises Collaboration Security ExplainedCloud and On Premises Collaboration Security Explained
Cloud and On Premises Collaboration Security Explained
ย 

More from FIDO Alliance

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance
ย 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxFIDO Alliance
ย 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxFIDO Alliance
ย 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)FIDO Alliance
ย 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance
ย 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comFIDO Alliance
ย 
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘FIDO Alliance
ย 
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณ
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณ
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณFIDO Alliance
ย 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesFIDO Alliance
ย 
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆ
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆ
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆFIDO Alliance
ย 
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸ
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸ
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸFIDO Alliance
ย 
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธ
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธ
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธFIDO Alliance
ย 
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅ
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅYubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅ
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅFIDO Alliance
ย 
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸ
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸFIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸ
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸFIDO Alliance
ย 
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹FIDO Alliance
ย 
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚น
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚นVPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚น
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚นFIDO Alliance
ย 
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏ
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏCloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏ
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏFIDO Alliance
ย 
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆ
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆ
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆFIDO Alliance
ย 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance
ย 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationFIDO Alliance
ย 

More from FIDO Alliance (20)

FIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptxFIDO Alliance: Welcome and FIDO Update.pptx
FIDO Alliance: Welcome and FIDO Update.pptx
ย 
OTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptxOTIS: Our Journey to Passwordless.pptx
OTIS: Our Journey to Passwordless.pptx
ย 
CISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptxCISA: #MoreThanAPassword.pptx
CISA: #MoreThanAPassword.pptx
ย 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
ย 
FIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDOFIDO Alliance Webinar: Catch Up WIth FIDO
FIDO Alliance Webinar: Catch Up WIth FIDO
ย 
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.comConsumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
Consumer Attitudes Toward Strong Authentication & LoginWithFIDO.com
ย 
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘
ๆ–ฐใ—ใ„่ช่จผๆŠ€่ก“FIDOใฎๆœ€ๆ–ฐๅ‹•ๅ‘
ย 
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณ
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณ
ๆ—ฅ็ซ‹PBIๆŠ€่ก“ใ‚’็”จใ„ใŸใ€Œใƒ‡ใƒใ‚คใ‚นใƒ•ใƒชใƒผใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏใ€ๆง‹ๆƒณ
ย 
Introduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS ServicesIntroduction to FIDO and eIDAS Services
Introduction to FIDO and eIDAS Services
ย 
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆ
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆ
ๅฏŒๅฃซ้€šใฎ็”Ÿไฝ“่ช่จผใ‚ฝใƒชใƒฅใƒผใ‚ทใƒงใƒณใจๆๆกˆ
ย 
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸ
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸ
ใƒ†ใƒฌใƒฏใƒผใ‚ฏๆœฌๆ ผๅฐŽๅ…ฅใซใŠใ‘ใ‚‹ID่ช่จผ่€ƒๅฏŸ
ย 
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธ
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธ
ใ€Œ้–‹ใ‘ใ‚ดใƒž๏ผใ€ใ‹ใ‚‰YubiKeyใธ
ย 
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅ
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅYubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅ
YubiOnใŒ็›ฎๆŒ‡ใ™ๆœชๆฅ
ย 
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸ
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸFIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸ
FIDO2ๅฐŽๅ…ฅใ—ใฆใฟใŸใ‚’่€ƒใˆใฆใฟใŸ
ย 
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹
ไธญๅฐไผๆฅญใซใ‚ˆใ‚‹FIDOๅฐŽๅ…ฅไบ‹ไพ‹
ย 
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚น
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚นVPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚น
VPNใฏใ‚‚ใ†ๅ’ๆฅญ๏ผFIDO2่ช่จผใงๆฌกไธ–ไปฃใƒชใƒขใƒผใƒˆใ‚ขใ‚ฏใ‚ปใ‚น
ย 
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏ
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏCloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏ
CloudGate UNOใงๅฎ‰ๅ…จไพฟๅˆฉใชใƒ‘ใ‚นใƒฏใƒผใƒ‰ใƒฌใ‚นใƒชใƒขใƒผใƒˆใƒฏใƒผใ‚ฏ
ย 
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆ
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆ
ๆ•ฐใ€…ใฎๅฎŸ็ธพ๏ผš่ฟ…้€ŸใชFIDO่ช่จผใฎๅฑ•้–‹ใ‚’ใ‚ตใƒใƒผใƒˆ
ย 
FIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards AuthenticationFIDO Alliance Research: Consumer Attitudes Towards Authentication
FIDO Alliance Research: Consumer Attitudes Towards Authentication
ย 
Webinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO AuthenticationWebinar: Securing IoT with FIDO Authentication
Webinar: Securing IoT with FIDO Authentication
ย 

Recently uploaded

Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...SUHANI PANDEY
ย 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
ย 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
ย 
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
ย 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
ย 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...SUHANI PANDEY
ย 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
ย 
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...nilamkumrai
ย 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...tanu pandey
ย 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
ย 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
ย 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
ย 
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort Service
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort ServiceBusty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort Service
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort ServiceDelhi Call girls
ย 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
ย 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...singhpriety023
ย 
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.soniya singh
ย 

Recently uploaded (20)

Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
ย 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiAl Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
ย 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
ย 
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
WhatsApp ๐Ÿ“ž 8448380779 โœ…Call Girls In Mamura Sector 66 ( Noida)
ย 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
ย 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
ย 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
ย 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
ย 
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...
( Pune ) VIP Pimpri Chinchwad Call Girls ๐ŸŽ—๏ธ 9352988975 Sizzling | Escorts | G...
ย 
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
Pune Airport ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready...
ย 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
ย 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
ย 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
ย 
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort Service
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort ServiceBusty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort Service
Busty DesiโšกCall Girls in Vasundhara Ghaziabad >เผ’8448380779 Escort Service
ย 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
ย 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in DubaiRussian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
ย 
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service โ˜Ž๏ธ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
ย 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
ย 
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
VIP Model Call Girls Hadapsar ( Pune ) Call ON 9905417584 Starting High Prof...
ย 
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
Call Now โ˜Ž 8264348440 !! Call Girls in Green Park Escort Service Delhi N.C.R.
ย 

Securing a Web App with Security Keys

  • 1. 1 ยฉ2019Yubico ยฉ 2019 Yubico Securing a Web App with Passwordless Web Authentication Add WebAuthn to an existing web app
  • 2. 2 ยฉ2019Yubico โ— Workshop Overview โ—‹ What is passwordless authentication โ—‹ Security Key as the Root of Trust โ—‹ What to expect and what youโ€™ll need to get started โ— Overview of Yubicoโ€™s java-webauthn-server architecture โ—‹ Credential repository โ—‹ Registering credentials โ—‹ Authenticating credentials โ— Best practices โ— Start coding! Agenda
  • 3. 3 ยฉ2019Yubico โ— Strong MFA โ—‹ WebAuthn offers a strong Multi-Factor Authentication framework to minimize or replace the use of passwords with scoped public key-based credentials that are resistant to phishing, replay, and server breach attacks. โ— Passwordless Auth enabled by โ—‹ W3C Webauthn + FIDO2 Client to Authenticator Protocol version 2.0 (CTAP2) specs and resident credentials. โ— Resident Credentials โ—‹ Authenticator not only store the private key but also a user handle. The server can associate the user handle with an identity for authentication. What is Passwordless Authentication with WebAuthn?
  • 4. 4 ยฉ2019Yubico Security Keys as Root of Trust Anchoring FIDO2 / WebAuthn credentials in a root of trust is the cornerstone for building a secure identity model โ— A hardware-backed root of trust strengthens the account lifecycle โ—‹ Authentication, Step-Up Authentication, Account Recovery, Bootstrapping New Devices โ— An external authenticator, as the root of trust, is the anchor that creates a chain of trust with the internal authenticator โ—‹ Recording the authenticator used to register other authenticators creates a chain of trust that can be audited at a later date
  • 5. 5 ยฉ2019Yubico Passwordless Migration Strategy 4. Eliminate Passwords 3. Transition users to passwordless deployment 2. Minimize use of passwords in user flows 1. Deploy the WebAuthn / FIDO2 credential management system across the account lifecycle
  • 6. 6 ยฉ2019Yubico Learn how to implement passwordless authentication for web apps using: โ— Yubico WebAuthn Server Libraries โ— Spring Framework โ— Client to Authenticator Protocol Version 2.0 Compatible Browser โ—‹ Resident Credentials โ— FIDO2 Security Key What to expect from this workshop
  • 7. 7 ยฉ2019Yubico Some knowledge of: โ— Java โ— Spring Framework โ— JavaScript โ— WebAuthn API โ—‹ Browser with resident credential capability โ— Security Keys โ—‹ YubiKey Manager to reset FIDO credentials after workshop You need
  • 8. 8 ยฉ2019Yubico This workshop is split into multiple modules. Each module builds upon the previous module as you expand the application. You must complete each module before proceeding to the next. 1. Getting Started Instructions 2. Implement a Credential Repository 3. Implement WebAuthn Registration REST Endpoints 4. Implement WebAuthn Authentication REST Endpoints 5. Clean Up Instructions Workshop Modules
  • 9. 9 ยฉ2019Yubico This workshop can either be completed locally or in the cloud. โ— Instructions for running in the Azure Cloud Shell are included. If you already have a subscription you can use it or you can get a free trial. Azure Cloud Shell has all of the prerequisites already installed. โ— If you prefer a different cloud development environment, feel free to use it instead. Prerequisites: โ— Git โ— JDK 1.8+ โ— Maven 3.2+ โ— FIDO2 compatible platform / browser โ—‹ MacOS: Safari Technology Preview version 71+ โ—‹ Windows 10 version 1809+ with Edge โ— Your preferred text editor or IDE โ— A security key Development Environment
  • 10. 10 ยฉ2019Yubico โ— Enable the Develop Menu โ—‹ Choose Safari > Preferences, and click Advanced. โ—‹ At the bottom of the pane, select the โ€œShow Develop menu in menu barโ€ checkbox. โ— Enable Web Authentication Experimental Feature โ—‹ Choose Safari > Develop > Experimental Features โ—‹ Verify โ€œWeb Authenticationโ€ is checked โ— Private Window โ—‹ Running a web app on https://localhost:8443 may require using new private window โ— No Security Key PIN Support โ—‹ Security keys with a PIN set may not work with Safari yet. โ—‹ You can reset a security key back to factory default settings with the YubiKey Manager. Warning: A reset will remove all FIDO credentials. macOS Safari TP Tips
  • 11. 11 ยฉ2019Yubico Start by cloning the repository โ— git clone https://github.com/elukewalker/PasswordlessWorkshop Getting Started
  • 12. 12 ยฉ2019Yubico WebAuthn Application Architecture WebAuthn API in Browser Client/Platform CTAP1 and/or CTAP2 Server-Side App Relying Party WebAuthn Server WebAuthn Platform Auth API Internal Authenticator External Authenticator User Store External Metadata Services Register and Authenticate Client-Side JS Attestation Trust Store
  • 13. 13 ยฉ2019Yubico WebAuthn Demo Server Data Flow Browser API Server app logic Core librarystartRegistration() startAuthentication() PublicKeyCredentialCreationOptions PublicKeyCredentialRequestOptions Client side JS Encode to JSON Decode JSON navigator.credentials .create() .get() Encode to JSON Decode JSON finishRegistration() finishAssertion() UserIdentity PublicKeyCredential RegistrationResult AssertionResult Generate challenge etc. Handle result Inform user Validation logic
  • 14. 14 ยฉ2019Yubico Yubico/java-webauthn-server webauthn-server-core/ โ— Entity Data Model โ—‹ Assertion Request โ—‹ Assertion Result โ—‹ Attestation Object โ—‹ Authenticator Response โ—‹ Public Key Credential โ—‹ Public Key Credential Creation and Request Options โ—‹ Registration Result โ—‹ User Identity โ—‹ Attestation โ— Data Providers โ—‹ Credential Repository โ—‹ Metadata Service โ— Methods โ—‹ Registration โ—‹ Authentication โ—‹ Authenticated Actions
  • 15. 15 ยฉ2019Yubico WebAuthn Demo Server Architecture REST API HTTP/JSON translation Entities Registration Authentication Registration storage Persistent state Entry Points WebAuthn-Server-Core Data Providers DB Server layer Transient state (stateless) Metadata lookup DB External servicesConfiguration Constructor parameters Not included in workshop
  • 16. 16 ยฉ2019Yubico Application logic Core Library internal structure DB DB External services Constructor parameters Start operation UserIdentity PKCCreationOptions PKCRequestOptions Registration storage Metadata source Operation settings Challenge generator Finish operation Class RelyingParty PublicKeyCredential RegistrationResult AssertionResult
  • 17. 17 ยฉ2019Yubico What you need to provide โ— Storage for requests (temporary) โ—‹ Completely external to the library โ—‹ Library simply returns request objects โ—‹ finish* methods expect them to be passed back in โ— Storage for credentials (persistent) โ—‹ Library requires an adapter object (CredentialRepository) โ—‹ Library only looks credentials up โ—‹ You need to save new registrations to the DB โ— (Optional) Additional authenticator metadata sources โ—‹ In the future, the library will include a FIDO Metadata Service connector โ—‹ Optional module with Yubico device metadata as static files
  • 19. 19 ยฉ2019Yubico rp: relying party data. name is required. If id is left out then origins effective domain is used user: identity data. name, displayName (user friendly), and id (userHandle) are required challenge: contains challenge for generating the newly created credentialโ€™s attestationObject pubKeyCredParams: desired properties of credential to be created. type: only one type: โ€œpublic-keyโ€. alg: crypto signature algorithm preference excludeCredentials: limits creation of multiple creds for same account on a single authenticator. Credential descriptor includes cred type and cred id authenticatorSelection: specify authenticator requirements. When the requireResidentKey is true the authenticator must create a client side resident private key. userVerification can be โ€œpreferredโ€, โ€œrequiredโ€, or โ€œdiscouragedโ€ attestation: attestation conveyance preference. Default is โ€œnoneโ€. โ€œdirectโ€ indicates the rp wants to receive the attestation statement. โ€œindirectโ€ indicates prefers an attestation statement Public Key Credential Creation Options
  • 20. 20 ยฉ2019Yubico Registration Sequence hash(rpId), id, kpub , s, Apub id, clientData, attestationObject Verify origin Verify challenge Check Apub trust Check s using Apub Register kpub , id and userHandle Generate key pair (kpriv , kpub ) for rpId and sign c and kpub after User Presence/ Veri๏ฌcation hash(challenge, origin) clientData signature(hash(rpId) || id || kpub || c, Apriv ) Validate rpId against originrpId, c, userHandle Client Relying PartyAuthenticator attestationObject rpId, userHandle, challenge
  • 21. 21 ยฉ2019Yubico Start Registration Diagram username, displayName, credNickname REST API Start Registration Challenge Generator Registration Request challenge username, credNickname User Identity username, displayName Exclude Credentials Extensions RelyingParty Start Registration PublicKeyCredentialCreationOptions Register Request Storage return RegistrationRequest to client as JSON Credential Repository
  • 22. 22 ยฉ2019Yubico Credential Create Response โ€œauthDataโ€:... โ€œfmtโ€:โ€œpackedโ€ โ€œattStmtโ€:... attestationObject RP ID Hash Flags Counter Att. Cred Data Extensions AAGUID L Cred. ID Cred Public Key Authenticator Data โ€œalgโ€: ... โ€œsigโ€: ... โ€œx5cโ€: ... Attestation Statement โ€œalgโ€: ... โ€œsigโ€: ... โ€œecdaaKeyIdโ€: ... If Basic or Privacy CA If ECDAA Refer to W3C Web Authentication API for more details on attestation statements ED AT: 1 UV UP: 1
  • 23. 23 ยฉ2019Yubico Finish Registration Diagram JSON response REST API Finish Registration Credential Registration Registration Response Register Request Storage Registration Request Caller Token Binding Id RelyingParty Finish Registration Credential Repository addRegistration Registration Result Successful Registration Result Performs registration validation steps Returned to client Get by id and invalidate
  • 24. 24 ยฉ2019Yubico Registration Recap 1. Client calls startRegistration() endpoint โ—‹ With userName, displayName, and credentialNickname args 2. Relying Party generates RegistrationRequest โ—‹ With userName, credentialNickname, and PublicKeyCredentialCreationOptions 3. Client calls navigator.credentials.create() โ—‹ With data from the RegistrationRequest 4. Client calls finishRegistration() endpoint โ—‹ With authenticatorAttestationResponse JSONObject 5. Relying Party verifies attestation signature โ—‹ After validation, add user and associated credential to the credential repository
  • 26. 26 ยฉ2019Yubico challenge: contains challenge that the authenticator signs as part of the authentication assertion rpId: relying party identifier claimed by the caller allowCredentials: list of public key credentials acceptable to the caller, can be omitted for username-less authentication. type: only one type: โ€œpublic-keyโ€. id: credential Id of the public key credentials userVerification: the default is โ€œpreferredโ€. Can also be set to โ€œrequiredโ€ or โ€œdiscouragedโ€ Public Key Credential Request Options
  • 27. ยฉ2018Yubico Authentication Sequence First factor mode Client Relying Party id, rpId, challenge id, hash(rpId), s, clientData, userHandle Find user with id or userHandle Check id Check s using kpub Verify origin Verify challenge Authenticator signature(hash(rpId) || c, kpriv ) Validate rpId against origin hash(challenge, origin) clientData id, rpId, c Retrieve kpriv for rpId Sign c after User Presence/ Veri๏ฌcation id, hash(rpId), s, userHandle
  • 28. 28 ยฉ2019Yubico Start Authentication Diagram username REST API Start Authentication Challenge Generator Assertion Request challenge username RelyingParty Start Assertion Credential Repository username Extensions PublicKeyCredentialRequestOptions Assertion Request Storage return AssertionRequest to client as JSON Get credentials by username
  • 29. 29 ยฉ2019Yubico Client - Get Credential Response โ€œauthDataโ€: ... โ€œclientDataJSONโ€: ... โ€œsignatureโ€: ... Authenticator Assertion Response RP ID Hash Flags Counter Extensions Authenticator Data ED AT: 0 UV UP: 1 โ€œuserHandleโ€: ...
  • 30. 30 ยฉ2019Yubico Finish Authentication Diagram JSON response REST API Finish Authentication Successful Authentication Result Assertion Response Assertion Request Caller Token Binding Id RelyingParty Finish Assertion Credential RepositoryUpdate signature count Assertion Result Performs authentication validation steps Returned to client Get by id and invalidate Assertion Request Storage Credential Repository Get credentials by userHandle
  • 31. 31 ยฉ2019Yubico Authentication Recap 1. Client calls startAuthentication() endpoint โ—‹ With (or without) userName 2. Relying Party generates AssertionRequest โ—‹ With userName, and PublicKeyCredentialRequestOptions 3. Client calls navigator.credentials.get() โ—‹ With data from the AssertionRequest 4. Client calls finishAuthentication() endpoint โ—‹ With authenticatorAssertionResponse JSONObject 5. Relying Party verifies signature โ—‹ After validation, authentication is successful
  • 32. 32 ยฉ2019Yubico Best Practices โ— Store the verbatim attestation object โ—‹ Enables future re-evaluation of trust โ— Allow registering more than one credential per account โ—‹ Consider allowing credential nicknames โ— Weigh pros vs cons of requiring attestation โ—‹ Pros: โ€’ Higher assurance โ—‹ Cons: โ€’ Maintenance for attestation trust store โ€’ Compatibility issues for unknown/new authenticators (not in attestation trust store) โ— Security and Privacy Considerations โ—‹ Refer to W3C Web Authentication API spec https://www.w3.org/TR/webauthn/#security-considerations
  • 33. 33 ยฉ2019Yubico Recap โ— Anchoring resident credentials on roaming authenticators can enable passwordless authentication scenarios โ— Yubicoโ€™s java-webauthn-core library provides the entities and validation logic to integrate Web Authentication into server-side applications โ— Attestation can be stored and looked up to build a chain of trust and provide high assurance authentication โ— Build a UI that enables users to register multiple authenticators
  • 34. 34 ยฉ2019Yubico Resources โ— Workshop โ—‹ https://github.com/elukewalker/PasswordlessWorkshop โ— FIDO2/WebAuthn Developer Guide โ—‹ https://developers.yubico.com/FIDO2/FIDO2_WebAuthn_Developer_Guide/ โ— Java WebAuthn Server โ—‹ https://github.com/Yubico/java-webauthn-server โ— Yubico Developer Videos โ—‹ https://www.yubico.com/why-yubico/for-developers/developer-videos/ โ— W3C Web Authentication API โ—‹ https://www.w3.org/TR/webauthn โ— FIDO Client to Authenticator Protocol V 2.0 โ—‹ https://fidoalliance.org/specifications/download/
  • 35. 35 ยฉ2019Yubico yubi.co/devs Workshops, Webinars, Documentation, Implementation Guides, Reference Code, APIs, SDKs Yubico Developer Program
  • 36. 36 ยฉ2019Yubico Raise your hand if you need help Workshop repository https://github.com/elukewalker/PasswordlessWorkshop Questions?