enterprise adoption of fido authentication
TRANSCRIPT
ENTERPRISE ADOPTION
Darren PlattRSA
Enterprise Adoption Working Group
MissionTo identify challenges that enterprises face in the adoption of FIDO, and produce a set of guidelines, white papers and blue-prints for best practices to address those topics.
Membership• Technology Providers• Enterprises
Documents• Federation• Lifecycle
2All Rights Reserved | FIDO Alliance | Copyright 2016
FIDO and Federation
• They are complimentary!
• Multiple Federation Protocols
• Two Primary Use Cases • Relying Party/Service Provider asks for Fido Authentication
• Asserting Party/Identity Provider Informs Relying Party of Fido Authentication
3All Rights Reserved | FIDO Alliance | Copyright 2016
FIDO Lifecycle
Important Credential Lifecycle Events relevant to FIDO• Enrollment
• Centralized and De-Centralized
• Enterprise scenario typically involves 1 key pair for all applications
• Recovery• Lost, Stolen, or Broken Authenticators
• Profile-specific security considerations UAF vs. U2F, FIDO 2
• Native vs. External Authenticators
• Revocation• UAF vs. U2F/FIDO 2
4All Rights Reserved | FIDO Alliance | Copyright 2016
Call to Action
• Looking for more input. • What questions/concerns do you have when contemplating a FIDO
deployment?
• What lessons have you learned in your deployments?
• Join FIDO Alliance!
• Send us that info directly – [email protected], [email protected]
5All Rights Reserved | FIDO Alliance | Copyright 2016