edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Leif Johansson <leifj AT sunet.se>
- To: edugain-discuss AT lists.geant.org
- Subject: Re: [eduGAIN-discuss] FIDO2 and SSO?
- Date: Wed, 27 Feb 2019 14:33:30 +0100
- Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=sunet-se.20150623.gappssmtp.com
On 2019-02-27 13:57, Janos Mohacsi wrote:
> Dear All,
>
> What do you think about FIDO2 movement and current SSO systems
> provided by eduGAIN and various federations behind it?
>
> https://globenewswire.com/news-release/2019/02/25/1741351/0/en/Android-Now-FIDO2-Certified-Accelerating-Global-Migration-Beyond-Passwords.html
>
> Best Regards,
>
Here is a short summary of what I said at TIIME about this topic:
- A hard and risky part of an IdP is managing passwords
- SSO is about outsourcing authentiction because passwords are hard
- FIDO (WebAuth) outsources authentication to the client platform
- WebAuth makes authentication worthless as "business case" for an IdP
Hence....
You can only make a continued case for federation if you provide
attributes. There are several examples of that - for instance any
case where there is a need for affiliation (eg for billing).
But if I'm an RP (say a research proxy) and don't get any attributes
I can use, then it is much easier for me to just implement WebAuth
than to continue to haggle with IdP operators.
As the saying goes: its time for the IdP operators to crap or get
off the can in the eScience use case.
Cheers Leif
- [eduGAIN-discuss] FIDO2 and SSO?, Janos Mohacsi, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Peter Schober, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Barbara Monticini, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 02/27/2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
Archive powered by MHonArc 2.6.19.