edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] FIDO2 and SSO?

From: Leif Johansson <leifj AT sunet.se>
To: edugain-discuss AT lists.geant.org
Subject: Re: [eduGAIN-discuss] FIDO2 and SSO?
Date: Wed, 27 Feb 2019 15:36:45 +0100
Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (2048-bit key) header.d=sunet-se.20150623.gappssmtp.com

On 2019-02-27 15:23, Peter Schober wrote:
> * Leif Johansson <leifj AT sunet.se> [2019-02-27 14:36]:
>> You don't need much server-side to do WebAuth. All you have to do is
>> to store a public key somewhere in your user store. You can probably
>> figure that out without handholding :-)
>
> Not sure most IDPs have a deployed a writable user store?

You don't need that. All you need is for your registration page to
have write access to the user store - or something adjacent to it.
shib could certainly multiplex multiple datastores here

> (One of the reasons people fail to [properly] support non-reassigned
> identifiers, which happen to be the only ones left going forward,
> i.e., subject-id and pairwise-id.)
>
> -peter
>

[eduGAIN-discuss] FIDO2 and SSO?, Janos Mohacsi, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
  - Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
    - Re: [eduGAIN-discuss] FIDO2 and SSO?, Stefan Winter, 27-Feb-2019
      - Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019
      - Re: [eduGAIN-discuss] FIDO2 and SSO?, Jaime Pérez Crespo, 27-Feb-2019
    - Re: [eduGAIN-discuss] FIDO2 and SSO?, Peter Schober, 27-Feb-2019
      - Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 02/27/2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Peter Schober, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Barbara Monticini, 27-Feb-2019
- Re: [eduGAIN-discuss] FIDO2 and SSO?, Leif Johansson, 27-Feb-2019