Difference between revisions of "Web Authentication Levels"
From MgmtWiki
(→Context) |
(→Full Title) |
||
| (14 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Full Title== | ==Full Title== | ||
| − | [[Web Authentication Level 2]] enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users. | + | The W3C [[Web Authentication]] standards started calling their first specification ''Level One'' knowing that extensions were coming. |
| + | |||
| + | [[Web Authentication Level 2]]<ref name=balfanz>Dirk Balfanz + 19, ''Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Working Draft, 2020-07-30'' https://www.w3.org/TR/webauthn-2/#iface-pkcredential</ref> enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users. | ||
==Context== | ==Context== | ||
* This is designed for web applications, not native applications. | * This is designed for web applications, not native applications. | ||
* The current draft of the evolving standard is available [https://www.w3.org/TR/webauthn-2/ here]. | * The current draft of the evolving standard is available [https://www.w3.org/TR/webauthn-2/ here]. | ||
| + | ===Glossary=== | ||
| + | * Authenticator protects public key credentials, and interact with user agents to implement the Web Authentication API. Implementing compliant authenticators is possible in software executing (a) on a general-purpose computing device, (b) on an on-device Secure Execution Environment, Trusted Platform Module (TPM), or a Secure Element (SE), or (c) off device. Authenticators being implemented on device are called platform authenticators. Authenticators being implemented off device (roaming authenticators) can be accessed over a transport method. | ||
| + | |||
==Normal Flow== | ==Normal Flow== | ||
| − | # | + | Web Authentication API <ref name=balfanz /> Section 5 |
| + | *Registration | ||
| + | # Challenge, user info, RP info | ||
| + | # RP ID, client data hash | ||
| + | # User verification, new key pair | ||
| + | *Authentication | ||
| + | # Challenge | ||
| + | # RP ID, client data hash | ||
| + | # User verification | ||
| + | |||
| + | |||
| + | ==Solutions== | ||
| + | * [https://developers.google.com/codelabs/webauthn-reauth#0 Your First WebAuthn] on developers Google for Windows 10 with Windows Hello | ||
==Referrences== | ==Referrences== | ||
| + | <references /> | ||
| + | ===Other Material=== | ||
| + | * See also wiki page [[Web Authentication]] | ||
| + | * See also wiki page [[WebAuthn 2]] | ||
| + | * See also wiki page [[WebAuthn 3]] | ||
| + | * See also wiki page [[Biometric Attribute]] | ||
| − | + | [[Category: Glossary]] | |
[[Category: Authentication]] | [[Category: Authentication]] | ||
[[Category: Standard]] | [[Category: Standard]] | ||
Latest revision as of 12:36, 9 November 2021
Contents
Full Title
The W3C Web Authentication standards started calling their first specification Level One knowing that extensions were coming.
Web Authentication Level 2[1] enables the creation and use of strong, attested, scoped, public key cred by web applications for strongly authenticating users.
Context
- This is designed for web applications, not native applications.
- The current draft of the evolving standard is available here.
Glossary
- Authenticator protects public key credentials, and interact with user agents to implement the Web Authentication API. Implementing compliant authenticators is possible in software executing (a) on a general-purpose computing device, (b) on an on-device Secure Execution Environment, Trusted Platform Module (TPM), or a Secure Element (SE), or (c) off device. Authenticators being implemented on device are called platform authenticators. Authenticators being implemented off device (roaming authenticators) can be accessed over a transport method.
Normal Flow
Web Authentication API [1] Section 5
- Registration
- Challenge, user info, RP info
- RP ID, client data hash
- User verification, new key pair
- Authentication
- Challenge
- RP ID, client data hash
- User verification
Solutions
- Your First WebAuthn on developers Google for Windows 10 with Windows Hello
Referrences
- ↑ 1.0 1.1 Dirk Balfanz + 19, Web Authentication: An API for accessing Public Key Credentials Level 2 W3C Working Draft, 2020-07-30 https://www.w3.org/TR/webauthn-2/#iface-pkcredential
Other Material
- See also wiki page Web Authentication
- See also wiki page WebAuthn 2
- See also wiki page WebAuthn 3
- See also wiki page Biometric Attribute
