Dan Blum, writing at Security-Architect, regales us with a – frankly – superb explanatory post regarding FIDO, also known as Fast Identity Online. His article is highly regarded around here, and I recommend visting the site, straight-away!
‘The core FIDO2 speification are:
FIDO Client To Authenticator Protocol (CTAP): CTAP specifies a protocol for communication between a personal device with cryptographic capabilities (aka authenticator) and a host computer that wishes to use these capabilities for security functions including strong user authentication…!”
FIDO Attestation: Defines attestation formats used to validate FIDO Authenticators, uses of FIDO 2.0 credentials, and associated user verification methods. FIDO attestation could be mapped as authentication context to federation servers or other conditional/adaptive authentication systems.’
*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: http://security-architect.com/fido-passwordless-authentication/