edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Stefan Winter <stefan.winter AT restena.lu>
- To: Janos Mohacsi <mohacsi.janos AT kifu.gov.hu>, edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] FIDO2 and SSO?
- Date: Wed, 27 Feb 2019 14:17:38 +0100
Hi,
> What do you think about FIDO2 movement and current SSO systems
> provided by eduGAIN and various federations behind it?
>
> https://globenewswire.com/news-release/2019/02/25/1741351/0/en/Android-Now-FIDO2-Certified-Accelerating-Global-Migration-Beyond-Passwords.html
FIDO2 (WebAuthn) and even its predecessor U2F are both very nice
protocols. As a second factor, they are vastly superior to simple OTP
generators because they provide safeguards against online
phishing/skimming attacks.
At RESTENA, we are currently deploying two-factor authentication and are
settling with OTP variants (Yubikey and generic TOTP) *for now*, but
with a hope that we can move on towards U2F / FIDO2 WebAuthn soon.
Right now server-side support seems to be lagging a bit - the popular
privacyIDEA second-factor authentication server supports U2F in a way
that is compatible with Chrome (but not Firefox). The next release has
code to support Firefox as well, and it has a plugin to integrate with
simpleSAMLphp.
So, if all that plays out, I hope that we'll be doingv 2FA with U2F on
our SAML IdPs at least in the mid-term future. And the only thing
holding us back from moving to FIDO2 then is server-side support for that.
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette
Tel: +352 424409 1
Fax: +352 422473
PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
Attachment:
0xC0DE6A358A39DC66.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
- [eduGAIN-discuss] FIDO2 and SSO?, Janos Mohacsi, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 02/27/2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Jaime Pérez Crespo, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Peter Schober, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Peter Schober, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Barbara Monticini, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 02/27/2019
Archive powered by MHonArc 2.6.19.