CTAP2ĬTAP2 allows the use of external authenticators (FIDO Security Keys, mobile devices) for authentication on FIDO2-enabled browsers and operating systems over USB, NFC, or BLE for a passwordless, second-factor or multi-factor authentication experience. WebAuthn defines a standard web API that is being built into browsers and platforms to enable support for FIDO Authentication. The specifications within FIDO2 are: W3C WebAuthn FIDO2 supports passwordless, second-factor and multi-factor user experiences with embedded (or bound) authenticators (such as biometrics or PINs) or external (or roaming) authenticators (such as FIDO Security Keys, mobile devices, wearables, etc.). FIDO2įIDO2 is comprised of the W3C Web Authentication specification and corresponding Client-to-Authenticator Protocols (CTAP) from the FIDO Alliance. These requirements are covered in the Authenticator Certification program found on the Certified Authenticator Levels page. In addition to meeting the technical requirements, the FIDO Alliance developed further security requirements that need to be implemented to enhance the security assurance of each device. Read the technical specifications on the specifications download page. They provide for a wide range of use cases and deployment scenarios. CTAP is complementary to the W3C’s Web Authentication (WebAuthn) specification together, they are known as FIDO2.Īll FIDO protocols are based on public key cryptography and are strongly resistant to phishing (for more information, see How FIDO Works). The FIDO Alliance has published three sets of specifications for simpler, stronger user authentication: FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF) and the Client to Authenticator Protocols (CTAP).
User Authentication Specifications Overview
0 kommentar(er)
