How to access a UAF Client or ASM from a web browser on a PC (Windows environment)?


Yoo Byeongcheol

Feb 27, 2017, 1:43:33 AM
to FIDO Dev (fido-dev)
Hi. I'm developing a UAF Client, ASM and Authenticator for PC (Windows).

And I'm wondering how a web browser can access a native UAF Client program without using ActiveX, which is being deprecated.

As far as I know, if I made a native client.exe program on a PC I wouldn't be able to access it from Chrome or MS Edge browsers
(and I think it'd be pretty much the same if I made it as a DLL (dynamic link library) file as well).

1. So my question is "How can I invoke UAF Client.exe or ASM.dll from a web browser on a PC (Windows) without ActiveX?"

Thanks, regards.

- Byeongcheol -

Luke Briner

Feb 27, 2017, 12:15:23 PM
to FIDO Dev (fido-dev)
I think the idea is that the web browser itself is the FIDO client and you only have to write an ASM and authenticator to work with that. You can find details at the bottom of the ASM spec, section 5.2, which tells you how to create a DLL and set the registry to find it.

Yoo Byeongcheol

Feb 27, 2017, 7:40:11 PM
to FIDO Dev (fido-dev)
Thanks Luke.

Yes, I've already read the ASM spec, and I thought it doesn't say anything about a client accessing an ASM.dll file.
As you said, if the client is running in the web browser, how can it access a local ASM.dll file from Chrome or MS Edge without using ActiveX?
As I'm not a web developer, I don't know much about how to exploit a web browser to access the ASM.dll file.

On Monday, February 27, 2017 at 5:15:23 PM UTC, Luke Briner wrote:

신기은

Feb 27, 2017, 8:06:43 PM
to Yoo Byeongcheol, FIDO Dev (fido-dev)

You can run a local web server which provides FIDO Client interfaces and implements ASM interfaces.

In this case, you can access the local web server with JavaScript from any web browser.

Thanks.
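
A loopback server of the kind suggested above can be reached by any page the browser loads, so it has to check who is calling before touching the ASM. The following is an added example, not part of the original post and not taken from the UAF specifications, of that check for a Node.js listener; the port, the `/uaf` path and the allowed origin are hypothetical.

```javascript
// Added example: caller checks for a loopback FIDO-client endpoint.
// PORT, the /uaf path and ALLOWED_ORIGINS are hypothetical values.
const PORT = 48080;
const ALLOWED_ORIGINS = new Set(['https://login.example.com']); // constructed
const LOOPBACK_HOSTS = new Set([`127.0.0.1:${PORT}`, `localhost:${PORT}`]);

// Policy decision taken before any ASM call is made.
// Returns { status, headers } so it can be tested without a socket.
function checkCaller(method, path, headers) {
  const origin = headers['origin'];
  const host = headers['host'];
  // DNS-rebinding defence: Host must name the loopback listener itself.
  if (!LOOPBACK_HOSTS.has(host)) return { status: 421, headers: {} };
  // Every site in the browser can reach 127.0.0.1: require an allowed Origin.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: {} };
  // Echo only the vetted origin, never a wildcard.
  const cors = { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' };
  if (path !== '/uaf') return { status: 404, headers: cors };
  if (method === 'OPTIONS') {
    return { status: 204, headers: { ...cors,
      'Access-Control-Allow-Methods': 'POST',
      'Access-Control-Allow-Headers': 'Content-Type' } };
  }
  if (method !== 'POST') return { status: 405, headers: cors };
  return { status: 200, headers: cors };
}

// Node http request handler: apply the policy, then read the message body.
function handler(req, res) {
  const verdict = checkCaller(req.method, req.url, req.headers);
  if (verdict.status !== 200) {
    res.writeHead(verdict.status, verdict.headers);
    return res.end();
  }
  let body = '';
  req.on('data', (c) => { body += c; if (body.length > 65536) req.destroy(); });
  req.on('end', () => {
    // A real client would parse the UAF message here and call the ASM.
    res.writeHead(200, { ...verdict.headers, 'Content-Type': 'application/json' });
    res.end(JSON.stringify({ received: body.length }));
  });
}

// Bind to 127.0.0.1 only, so the endpoint is never exposed to the network.
async function start() {
  const http = await import('node:http');
  return http.createServer(handler).listen(PORT, '127.0.0.1');
}
```

Calling `start()` opens the listener; `checkCaller` can be exercised on its own with plain header objects.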


Pooja Kuntal

May 29, 2018, 6:16:32 AM
to FIDO Dev (fido-dev)
Hi,

So does it mean that on Windows, we need to implement only the ASM if using an external authenticator?

And what is Windows Hello? Is it a FIDO client?

Arshad Noor

May 29, 2018, 7:52:13 AM
to fido...@fidoalliance.org, pujaku...@gmail.com
Pooja,

The UAF protocol was designed to, primarily, work on mobile environments
from rich client applications; the protocol was not intended for
browser-based access on desktop environments. The U2F protocol,
however, was intended for desktops and browsers.

Windows Hello is a Microsoft technology to use the newer FIDO2 (also
known as WebAuthn in the W3C world) protocol to authenticate users to
the platform (desktop, laptop and/or mobile device), as well as to
remote websites through browsers.

If your target deployment is desktops and browsers, I would recommend
you read up on the U2F and WebAuthn protocols - they are more in line with
your stated requirements.

All the best,

Arshad Noor
StrongKey

Pooja Kuntal

May 29, 2018, 8:09:13 AM
to Arshad Noor, fido...@fidoalliance.org
Hi Arshad,

But in the UAF architectural doc, it clearly says a FIDO client can be on any platform (Windows, iOS, Android). Our requirement is based on biometrics, which can be achieved using UAF, not U2F.
It's kind of confusing.

And regarding Windows Hello, is it a complete solution (FIDO client, ASM and authenticator)?

I don't find any support for the Windows platform.

--
Pooja Kuntal

Arshad Noor

May 29, 2018, 11:57:19 AM
to Pooja Kuntal, fido...@fidoalliance.org

A UAF client can be implemented on any platform that has underlying support for its mechanics, Pooja. However, unless the platform provides an SDK to simplify things for you, you have to build all the required components yourself. The reason a UAF client for Windows Mobile does not exist, probably, has more to do with market dynamics than technical capability.

However, the FIDO world is undergoing a transformation currently. While UAF and U2F had distinct capabilities and characteristics, FIDO2/WebAuthn is blending capabilities (not all though) of both these protocols into WebAuthn, and enabling it to work on Mobile and Desktop/Laptop devices with, both, rich client applications and web-browsers. I would recommend you read the spec on WebAuthn at w3c.org and check the internet for announcements/signals from platform vendors before you embark on your journey - what you intend to do may already be in their road-map.

Arshad

Pooja Kuntal

May 29, 2018, 1:37:59 PM
to Arshad Noor, fido...@fidoalliance.org
Thanks, Arshad, for the detailed explanation.
I am surely gonna research WebAuthn.

Regards
Pooja