May 20 @ 9:00 am – 5:30 pm
The FIDO Alliance invites you to learn about key trends in strong authentication and to get hands-on with FIDO2 implementation, including the Web Authentication (WebAuthn) API from W3C and the corresponding Client to Authenticator Protocol (CTAP). This workshop is targeted at developers and product engineers who are eager to move their sites to strong customer authentication. FIDO2 is built upon standards-based public key cryptography that leverages devices that consumers use every day to provide a simpler yet stronger authentication experience.
Attendees will first be given an overview of FIDO’s technical and market vision, then guided through strategic considerations for deploying modern authentication, and finally led through the process of replacing a traditional password-based log-in with a FIDO login in three use cases:
- Using the WebAuthn API for web-based authentication (both desktop and mobile)
- Writing to FIDO2 APIs in Android for native and native web applications
- Leveraging FIDO2 functionality in Windows 10 and Windows login
A full list of hardware, software, and configuration requirements will be sent to attendees upon registration – but it is suggested that attendees already have a working knowledge of leading web frameworks (for the WebAuthn tutorial) as well as interest/expertise in Android and Windows for those parts of the workshop.
FIDO’s open specifications improve web account security, enhance user experience and lower enterprise support costs. Today there are nearly 600 solutions in the market that have been FIDO® Certified and numerous services have been FIDO-enabled by leading service providers, including Google, Facebook, Microsoft, PayPal, Samsung, Bank of America, UK Digital Services, NTT DOCOMO, and many more.
FIDO offers a simple, low-cost way to improve security and the online experience. Come attend our workshop to learn more about how to bring these benefits to your business and customers.
| Time | Session | Speaker |
|---|---|---|
| 09:00-09:30 | Registration & Networking Coffee | |
| 09:30-09:45 | Welcome and FIDO Overview | Andrew Shikiar, CMO, FIDO Alliance |
| 09:45-10:10 | FIDO Specification Overview | Rolf Lindemann, Sr. Director Products & Technology, Nok Nok |
| 10:10-10:30 | Architectural Strategies for FIDO Deployments | Bill Wright, Technical Fellow, USAA & FIDO Alliance Board Member |
| 10:30-11:00 | Networking Coffee & Solution Demos | |
| 11:00-12:00 | WebAuthn Hands-On Tutorial | Nick Steele, Senior Security R&D Engineer, Duo Security |
| 12:00-13:30 | Networking Lunch, Solution Demos & Ad Hoc Tutorials | |
| 13:30-14:45 | Android App Tutorial | Christiaan Brand, Product Manager: Identity & Security, Google |
| 14:45-15:15 | Networking Break & Solution Demos | |
| 15:15-16:45 | Security Keys for Websites Tutorial | Luke Walker, Manager: Developer Program, Yubico |
This agenda is subject to change.
FIDO Specifications Technical Overview
Rolf Lindemann, Senior Director, Products & Technology, Nok Nok
Attendees will come out of this session with a strong, foundational understanding of the FIDO specs. This knowledge will serve as a baseline for the rest of the workshop.
WebAuthn Hands-On Tutorial
Nick Steele, Senior Security R&D Engineer, Duo Security
This session will be focused on using a pre-built web application to gain an understanding of the server and client interactions that take place with WebAuthn. We’ll cover what requests and responses are sent, and how to validate the different authentication formats sent back from authenticators. Additionally, we’ll cover the different types of authentication options the WebAuthn server can request from a user, and which options to use for support of your own application.
Android App Tutorial
Christiaan Brand, Product Manager: Identity & Security, Google
In this session, we’ll start out building a simple website using WebAuthn login and then build an Android app that uses the WebAuthn credentials that we created in the earlier web session, in order to facilitate password-less login to a website and an Android app. We will be using the built-in FIDO authenticator on Android.
Security Keys for Websites Tutorial
Luke Walker, Manager: Developer Program, Yubico
In this tutorial, you will build a simple web application that enables users to register a security key and then use the resident credential on the security key to sign in without typing in a username or password. You’ll start with a Java web application that secures access to a page with a login form for a fixed user. Then you’ll integrate Yubico’s WebAuthn Server libraries and add security key registration and passwordless authentication.
- The software requirements for this workshop are Docker, which is available for Windows, Mac, and major versions of Linux, and the webauthn-io code library.
- Attendees should also have a Chrome, Firefox, or Edge browser installed on their device and a hardware/software authenticator of their choosing (YubiKey, Krypton, etc.).
- It is optional but preferred that developers have the Go language binary installed, which is also available for Windows, Mac, and Linux. The Go installation is not necessary but will make local development much easier; otherwise, attendees will need to use Docker to build the example code every time they update it.
- JDK 1.8 or later
- Maven 3.2+
- Android Studio
- WebAuthn + CTAP2 compatible browser:
  - Windows 10: Edge version 1809+
  - Chrome version 72+
  - Firefox version 66+
  - macOS: Safari Technical Preview version 71+
- Optional: FIDO2 Certified Security Key. Yubico will be providing security keys, while supplies last.
- Optional for Security Key Tutorial: An Azure Subscription. If you already have a subscription you can use it or you can get a free trial.