What does the FIDO + OpenID Connect protocol flow look like?


Callum Brankin
Oct 27, 2016, 9:06:01 AM
to FIDO Dev (fido-dev)
I'm about to write up a FIDO + OpenID Connect protocol myself, but just wondering if there's already one available?

Fred Le Tamanoir
Oct 27, 2016, 9:17:41 AM
to Callum Brankin, FIDO Dev (fido-dev)
I do like this kind of initiative :)
If you are talking about FIDO U2F, I think Gluu already supports U2F and OpenID Connect (and lots of other great features you can activate/deactivate):
https://www.gluu.org


Callum Brankin
Oct 27, 2016, 9:28:15 AM
to FIDO Dev (fido-dev), cal...@pixelpin.co.uk
I meant: are there any protocol flow diagrams? I probably didn't explain myself properly.


Fred Le Tamanoir
Oct 27, 2016, 9:45:22 AM
to Callum Brankin, FIDO Dev (fido-dev)
Regarding protocol flows, U2F and OpenID Connect have no direct links; you'll have to search these points separately.

For everything else, you'll find everything you want inside the (quite amazing) Gluu website/documentation.

FYI, the (not open source) "France Connect" authentication server/services (the French eIDAS-compliant IAM initiative) will use OpenID Connect too, with a U2F option
(this is a winning couple...).

--
Fred


Callum Brankin
Oct 27, 2016, 9:55:37 AM
to FIDO Dev (fido-dev), cal...@pixelpin.co.uk
We're planning on using UAF. According to the architecture documentation (https://fidoalliance.org/specs/fido-uaf-v1.0-ps-20141208/fido-uaf-overview-v1.0-ps-20141208.html#relationship-to-other-technologies), OpenID and FIDO UAF work together in some sort of way.

Hodges, Jeff
Oct 27, 2016, 10:23:24 AM
to Callum Brankin, FIDO Dev (fido-dev)
You may find this helpful:

FIDO and Federation (CIS 2015 - Cloud Identity Summit - Hodges)

=JeffH

Fred Le Tamanoir
Oct 27, 2016, 10:26:48 AM
to Callum Brankin, FIDO Dev (fido-dev)
OpenID Connect is not just about OpenID, but I see what you mean.

There are two UAF open source servers now, I think, and lots of OpenID Connect implementations, so good luck then!

Please keep us informed :)

--
Fred


Callum Brankin
Oct 27, 2016, 10:55:00 AM
to FIDO Dev (fido-dev), cal...@pixelpin.co.uk
This is exactly what I'm looking for. Thanks Jeff!

Callum Brankin
Oct 27, 2016, 11:07:59 AM
to FIDO Dev (fido-dev), cal...@pixelpin.co.uk
Quick question Jeff, will the user/authenticator interact with an IDP (in my case OpenID Connect) during authenticator registration? 

Hodges, Jeff
Oct 27, 2016, 11:52:43 AM
to Callum Brankin, FIDO Dev (fido-dev)
On 10/27/16, 8:07 AM, "fido...@fidoalliance.org on behalf of Callum Brankin" <fido...@fidoalliance.org on behalf of cal...@pixelpin.co.uk> wrote:

Quick question Jeff, will the user/authenticator interact with an IDP (in my case OpenID Connect) during authenticator registration? 

The FIDO (aka WebAuthn :) registration operation is analogous to typical account registration (and flows thereof), and so one typically integrates it there in whatever fashion makes sense for the deployment in question. Cf. Google's 2-Step Verification [1] via "Security Key" [2].

HTH

=JeffH


Fred Le Tamanoir
Oct 27, 2016, 2:46:35 PM
to Hodges, Jeff, Callum Brankin, FIDO Dev (fido-dev)
Quoting: "The FIDO (aka WebAuthn :) registration operation is analogous"

Nope, nope, and nope: not "aka".

WebAuthn is about the next FIDO 2.0 "thing". Not compatible with FIDO U2F. Not compatible with FIDO UAF. So no: FIDO is not aka WebAuthn.


Hodges, Jeff
Oct 27, 2016, 3:53:24 PM
to Fred Le Tamanoir, FIDO Dev (fido-dev)
On 10/27/16, 11:46 AM, "Fred Le Tamanoir" <fredlet...@gmail.com> wrote:

> Quoting: "The FIDO (aka WebAuthn <https://www.w3.org/TR/webauthn/> :) registration operation is analogous"
>
> nope, nope, and nope not "aka".
>
> WebAuthn is about the next FIDO 2.0 "thing". Not compatible with FIDO U2F. Not compatible with FIDO UAF. So no: FIDO is not aka WebAuthn.

What I was trying to get at is that at the protocol-flow level of abstraction -- composing WebAuthn/FIDO with federation protocols -- they (FIDO/WebAuthn) are essentially equivalent, in a fashion similar to how all the HTTP-redirect-based web SSO "federation" protocols are essentially equivalent (again: at a protocol-flow level of abstraction).

The FIDO/WebAuthn incompatibilities you are referring to are at the protocol message, and processing thereof, "layer".

=JeffH
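As an added illustration of the two points made above (registration folded into account registration, and FIDO composed with a redirect-based federation flow), the following stdlib-only Python models the composition; it is example code written for this page, not code from the thread, Gluu, or any FIDO project. The RP runs a plain OpenID Connect flow and only ever sees the ID token, while the FIDO ceremonies happen between the user's authenticator and the IdP. Names such as idp.example and rp.example are assumptions, and HMAC stands in for the asymmetric signatures of the real protocols.

```python
# Added example (not from the thread): toy model of FIDO inside an OpenID Connect login.
# Stdlib only; HMAC stands in for the authenticator's signature and the IdP's JWT signature.
import hashlib, hmac, json, secrets
IDP_ISSUER, RP_CLIENT_ID = "https://idp.example", "rp.example"  # assumed names
IDP_RP_ID = "idp.example"                # the authenticator's FIDO relying party is the IdP
IDP_TOKEN_KEY = secrets.token_bytes(32)  # IdP secret used to MAC the id_token (HS256-like)
def _fido_message(rp_id, challenge_hex):  # assertion covers RP ID hash + fresh challenge
    return hashlib.sha256(rp_id.encode()).digest() + bytes.fromhex(challenge_hex)

class Authenticator:
    def __init__(self): self.creds = {}
    def register(self, rp_id):  # registration ceremony: mint a credential scoped to rp_id
        cid, key = secrets.token_hex(8), secrets.token_bytes(32)
        self.creds[cid] = (rp_id, key)
        return cid, key  # 'key' plays the role of the public key handed to the IdP
    def sign(self, cid, rp_id, challenge):
        bound_rp, key = self.creds[cid]
        if bound_rp != rp_id:  # a credential only works for the RP ID it was created for
            raise ValueError("credential not bound to this rp_id")
        return hmac.new(key, _fido_message(rp_id, challenge), "sha256").hexdigest()

class IdP:
    def __init__(self): self.users, self.pending = {}, {}
    def enroll(self, user, cid, key): self.users[user] = (cid, key)  # at account registration
    def begin_auth(self, user, client_id, nonce):  # the RP's OIDC authorization request lands here
        challenge = secrets.token_hex(32)
        self.pending[challenge] = (user, client_id, nonce)
        return challenge
    def finish_auth(self, challenge, assertion):
        entry = self.pending.pop(challenge, None)  # single use: a replayed challenge is rejected
        if entry is None: return None
        user, client_id, nonce = entry
        expected = hmac.new(self.users[user][1], _fido_message(IDP_RP_ID, challenge), "sha256").hexdigest()
        if not hmac.compare_digest(expected, assertion): return None
        claims = json.dumps({"iss": IDP_ISSUER, "sub": user, "aud": client_id, "nonce": nonce,
                             "amr": ["hwk"]}, sort_keys=True)  # "hwk" = hardware key, RFC 8176
        return claims + "." + hmac.new(IDP_TOKEN_KEY, claims.encode(), "sha256").hexdigest()

def rp_verify(id_token, expected_nonce):  # the RP sees only this token, never the FIDO messages
    if not id_token or "." not in id_token: return None
    claims, tag = id_token.rsplit(".", 1)
    if not hmac.compare_digest(tag, hmac.new(IDP_TOKEN_KEY, claims.encode(), "sha256").hexdigest()): return None
    c = json.loads(claims)
    return c["sub"] if c["iss"] == IDP_ISSUER and c["aud"] == RP_CLIENT_ID and c["nonce"] == expected_nonce else None

def run_flow(user="alice"):  # one full login; returns the subject the RP accepts, or None
    auth, idp = Authenticator(), IdP()
    cid, key = auth.register(IDP_RP_ID); idp.enroll(user, cid, key)  # enrolment happens once
    nonce = secrets.token_hex(16); challenge = idp.begin_auth(user, RP_CLIENT_ID, nonce)
    return rp_verify(idp.finish_auth(challenge, auth.sign(cid, IDP_RP_ID, challenge)), nonce)
```

The RP-side check never touches the FIDO assertion, which is the sense in which the federation flow is unchanged whether the IdP's local authentication step is U2F, UAF or WebAuthn.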