Loading Events

« All Events

Developer Workshop

May 20 @ 9:00 am - 5:30 pm EDT

Free

The FIDO Alliance invites you to learn about key trends in strong authentication and to get hands-on with FIDO2 implementation, including the Web Authentication (WebAuthn) API from W3C and the corresponding Client to Authenticator Protocol (CTAP). This workshop is targeted at developers and product engineers who are eager to move their sites to strong customer authentication. FIDO2 is built upon standards-based public key cryptography that leverages devices that consumers use every day to provide a simpler yet stronger authentication experience.

Attendees will first be given an overview of FIDO’s technical and market vision, then guided through strategic considerations for deploying modern authentication, and finally led through the process of replacing a traditional password-based log-in with a FIDO login in three use cases:

  1. Using the WebAuthn API for web-based authentication (both desktop and mobile)
  2. Writing to FIDO2 APIs in Android for native and native web applications
  3. Leveraging FIDO2 functionality in Windows 10 and Windows login

A full list of hardware, software, and configuration requirements will be sent to attendees upon registration – but it is suggested that attendees already have a working knowledge of leading web frameworks (for the WebAuthn tutorial) as well as interest/expertise in Android and Windows for those parts of the workshop.

FIDO’s open specifications improve web account security, enhance user experience and lower enterprise support costs. Today there are nearly 600 solutions in the market that have been FIDO® Certified and numerous services have been FIDO-enabled by leading service providers, including GoogleFacebook, Microsoft, PayPalSamsungBank of AmericaUK Digital ServicesNTT DOCOMO, and many more.

FIDO offers a simple, low-cost way to improve security and the online experience. Come attend our workshop to learn more about how to bring these benefits to your business and customers.

There is no charge for the seminar, but space is limited and registration is required.

Sponsors


09:00-09:30Registration & Networking Coffee 
09:30-09:45Welcome and FIDO OverviewAndrew Shikiar, CMO, FIDO Alliance
09:45-10:10FIDO Specification OverviewRolf Lindemann, Sr. Director Products & Technology, Nok Nok
10:10-10:30Architectural Strategies for FIDO DeploymentsBill Wright, Technical Fellow, USAA & FIDO Alliance Board Member
10:30-11:00Networking Coffee & Solution Demos 
11:00-12:00WebAuthn Hands-On TutorialNick Steele, Senior Security R&D Engineer, Duo Security
12:00-13:30Networking Lunch, Solution Demos & Ad Hoc Tutorials 
13:30-14:45Android App TutorialChristiaan Brand, Product Manager: Identity & Security, Google
14:45-15:15

Networking Break & Solution Demos 
15:15-16:45Security Keys for Websites TutorialLuke Walker, Manager: Developer Program, Yubico
17:00-18:00Networking Reception 

This agenda is subject to change.

 

FIDO Specifications Technical Overview

Rolf Lindemann, Senior Director, Products & Technology, Nok Nok

Attendees will come out of this session with a strong, foundational understanding of the FIDO specs. This knowledge will serve as a baseline for the rest of the workshop.

 

WebAuthn Hands-On Tutorial

Nick Steele, Senior Security R&D Engineer, Duo Security

This session will be focussed on using pre-built web application to gain an understanding of the server and client interactions that take place with WebAuthn. We’ll cover what requests and responses are sent, and how to validate the different authentication formats sent back from authenticators. Additionally, we’ll cover the different types of authentication options the WebAuthn server can request from a user, and which options to use for support of your own application.

 

Android App Tutorial

Christiaan Brand, Product Manager: Identity & Security, Google

In this session, we’ll start out building a simple website using login WebAuthn and then build an Android app that uses the WebAuthn credentials that we created in the earlier web session, in order to facilitate password-less login to a website and an Android app. We will be using the built-in FIDO authenticator on Android.

 

Security Keys for Websites Tutorial

Luke Walker, Manager: Developer Program, Yubico

In this tutorial, you will build a simple web application that enables users to register a security key and then use the resident credential on the security key to sign in without typing in a username or password. You’ll start with a java web application that secures access to a page with a login form for a fixed user. Then you’ll integrate Yubico’s WebAuthn Server libraries and add security key registration and passwordless authentication.

Requirements

Software

  • The software requirements for this workshop are Docker, which is available for Windows, Mac, and major versions of Linux, and the webauthn-io code library.
  • Attendees should also have a Chrome, Firefox, or Edge Browser installed on their device and a hardware/software authenticator of their choosing (Yubikey, Krypton, etc).
  • It is optional but preferred that developers have the Go language binary installed, which is also available for Windows, Mac, and Linux. The Golang installation is not necessary but will make local development much easier, otherwise attendees will need to use Docker to build the example code every time they update it.
  • JDK 1.8 or later
  • Maven 3.2+
  • Android Studio
  • WebAuthn + CTAP2 compatible browser
    • Windows 10: Edge version 1809+
    • Chrome version 72+
    • Firefox version 66+
    • MacOS: Safari Technical Preview version 71+
  • Optional: FIDO2 Certified Security Key. Yubico will be providing security keys, while supplies last.
  • Optional for Security Key Tutorial: An Azure Subscription. If you already have a subscription you can use it or you can get a free trial.

Skills

While a basic understanding of the Go and JavaScript programming languages are definitely recommended, they are not necessary. This workshop should help attendees understand the WebAuthn protocol (requests, responses, validation) and how it should be architected within a web application, which will help us cover more ground than writing a WebAuthn app from scratch. There will be time available to discuss what WebAuthn libraries written in other languages are out there.

 

 

Details

Date:
May 20
Time:
9:00 am - 5:30 pm
Cost:
Free
Event Category:
Event Tags:
,

Venue

Hilton Prague Old Town
V Celnici 7
Prague, 10 00 Nove Mesto Czech Republic
+ Google Map
Download Specs