FIDO2
  • 16 Jan 2025

FIDO2 is one of the protocols provided by the FIDO Alliance to enable easy-to-use passwordless authentication. It allows users to authenticate to online services with their devices and authenticators, without entering a password, on both desktop and mobile platforms.

FIDO2 clients can be an Android application, a desktop application, or a web browser; they communicate with authenticators to perform the FIDO2 operations — registration of an authenticator and authentication. Deregistration can also be supported, but it has to be handled on the relying party side (for example, by removing the registered keys from the server's data store). All major web browsers support the client API (the WebAuthn API) by exposing native functions that perform the necessary operations.

A FIDO2-based application can also interact with authenticators that support other FIDO protocols by using the Client to Authenticator Protocol (CTAP).

FIDO2 architecture overview

Figure: FIDO2 architecture — high-level overview

Client side

  • Relying party application. The web application running on the client device. It can be a JavaScript application or another application that has access to a browser engine (for example, an Android application running in a WebView).
  • Browser. Provides the standard W3C WebAuthn API; relying party applications invoke it to perform FIDO2 operations.
  • Platform (operating system). Responsible for communicating with the authenticator.
  • Authenticator. One of the following:

    • Internal (platform) authenticator. An authenticator built into the platform device.
    • External (cross-platform) authenticator. For instance, a hardware security key connected to the device over USB, NFC, or Bluetooth.

Server side

  • Relying party application server. The server responsible for the relying party's domain logic.
  • FIDO server. The server responsible for performing the FIDO2 operations (verifying registration and authentication responses).
  • Metadata service. Provides metadata for given authenticators; typically used as a trust anchor during FIDO2 operations.
