Professional Documents
Culture Documents
• The Web API is the first one we standardize and use it to drive
other platform (native) specific APIs
RP App RP Server
Authenticator
OS Platform API
Client to Authenticator Protocol
*RP: Relying Party
All Rights Reserved. FIDO Alliance. Copyright 2016 8
Web API for Accessing FIDO 2.0 Technology
Specifies an API that enables web pages to access FIDO 2.0
compliant strong cryptographic technology through Javascript.
Browser Server
(1) service request
Java script calls (2) authentication request
credential API
Authenticator
User
Private key (4) Credential discovery
• getAssertion: authentication
• mixes in state like facet id, token-binding id
• also: key discovery (for “typeless” authentication)
Public key
BLE
Smartphone
(external authenticator)
User
Private key
User can choose an external authenticator that is used to authenticate
himself for applications running on his multiple clients across devices.
All Rights Reserved. FIDO Alliance. Copyright 2016 24
Current Timeline
• W3C Web Authentication Specification
• Candidate Recommendation 1Q2017