Identification, Authentication and Authorization

FIDO (Fast Identity Online) Alliance

Open industry association.

With the mission of developing open authentication standards and promoting their adoption to reduce the use of passwords.

Approach:

  • Strong authentication based on public keys.

  • Phishing resistance.

  • Good usability.

Token-based authentication

Authentication key pairs are stored in tokens, thus we need a protocol to interact with them.

Authentication is based on signatures, these however are too long to be copied by people.

Enrolment of devices in users' profiles is left to the authenticators, plus the recovery procedures upon losing a token.

FIDO Certification

Validation of the quality of FIDO products.

Certification programs:

  • Functional.

    • Compliance and interoperability.

  • Authenticator

    • Protection of secrets (L1 up to L3+).

  • Biometric.

    • FAR, FRR.

    • IAPMR (Impostor Attack Presentation Match Rate).

PreviousScenario 3 – MS AD auth with local backoffNextUniversal 2nd Factor (U2F) protocol

Last updated