Building FIDO Server

[fatima kabouri]

Hi everyone 

I need to know how can we develop a fido server, its architecture but i can't find some helpful documentation about it.

Can you give me a hand with this ? Some documentation about fido server.

[Ackermann Yuriy]

Hey Fatima

We have community resources, including open source servers: https://github.com/herrjemand/awesome-webauthn

We as well as guides on FIDO2/WebAuthn https://medium.com/webauthnworks/webauthn-fido-series-content-page-4f9a187aa588

As well as easy to start guide https://webauthn.guide/

Let me know if there are any questions you have.

Thanks.

Yuriy

Yuriy Ackermann

FIDO, Identity, Standards

skype: ackermann.yuriy

github: @herrjemand

twitter: @herrjemand

medium: @herrjemand

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f8c8c283-b1a3-4c03-822c-0d8b5ad77be2n%40fidoalliance.org.

[Arshad Noor]

You are certainly welcome to create your own FIDO Server, Fatima. But,
when one of the most capable, FIDO Certified servers is free and
open-source (https://github.com/strongkey/fido2), why would you? :-)

- Built-in replication for high-availability
- Security policies (Demo at https://demo.strongkey.com/fidopolicy/)
- Built-in SSO with JWT responses
- Integration with PKI (https://sourceforge.net/projects/pki2fido/)
- Android Key Attestation for native Android apps
- Transaction confirmation support for digitally signed transactions
- Protection from side-channel attacks on FIDO credential database
- Integrated with FIPS certified cryptographic hardware modules
(this feature, unfortunately, is not free currently)
- Backed by a company with 21 years of strong-authentication experience

While we are certainly encouraged that people around the world are
interested in building FIDO products, given that there are already
dozens of FIDO Certified Authenticators and Servers
(https://fidoalliance.org/certification/fido-certified-products/), the
millions of web/mobile applications using ancient authentication
technology (passwords/OTP/secrets) are the real problem.

Instead, it would seem to me that innovators might want to figure out
how to get those legacy applications to FIDO as quickly as possible.
When even trillion-dollar companies are not impervious to compromises
due to passwords on their websites, IMO software developers should be
focused on leaving that history in the dust-bin by FIDO-enabling all
their web/mobile applications.

(NOTE: Apologies for the rant, but it is not directed at you - just at
the companies that are still rolling out brand new applications - or
maintaining old applications - with passwords on them).

Hope this helps.

Arshad Noor
StrongKey

P.S. The StrongKey FIDO Server is documented at https://docs.strongkey.com

> --
> You received this message because you are subscribed to the Google
> Groups "FIDO Dev (fido-dev)" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to fido-dev+u...@fidoalliance.org

> <mailto:fido-dev+u...@fidoalliance.org>.

> To view this discussion on the web visit
> https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f8c8c283-b1a3-4c03-822c-0d8b5ad77be2n%40fidoalliance.org

> <https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/f8c8c283-b1a3-4c03-822c-0d8b5ad77be2n%40fidoalliance.org?utm_medium=email&utm_source=footer>.

[Daniel aziz]

😑 asal kau ni eh  . kat mana² ada nama kau 😑😑😑😑😑😑😑😑

To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/bf2f92ca-9555-7e1a-af5d-94d09cc162c1%40strongkey.com.

[fatima kabouri]

Thank you very much.