FIDO - Server Recommendations / Does it work with LDAP / Active Directory?

Mohmmad Mohiddin

Oct 14, 2015, 3:34:11 PM
to FIDO Dev (fido-dev)
Team,

I am trying to understand the concept of the FIDO specifications, UAF and U2F.
Please share some basic details like server recommendations. Does it work with LDAP/Active Directory?

Waiting for the response.

Thanks,
Mohiddin

Arshad Noor

Oct 14, 2015, 8:23:17 PM
to fido...@fidoalliance.org
Hi Mohiddin,

Both protocols/technologies deliver strong-authentication to Relying Party (RP) web-applications, but with two primary differences:
  1. UAF allows you to specify a policy ahead of key-registration indicating what kind of Authenticators the RP will accept and under what conditions.  U2F allows you to reject a key-registration (based on some factors) after the keys have been generated and sent to the RP, but does not provide a mechanism to specify a policy ahead of the key-generation process;

  2. UAF allows for a secure display on the client-device to display transaction information controlled by the RP and get a digital signature for the transaction.  U2F can get a digital signature for a transaction if your application chose to do that, but it does not define any mechanisms for specifying a secure display message on the client.

UAF and U2F can work with LDAP/AD; depends on whether the server-implementation is designed to do that - I know at least one does. ;-)

Server recommendations as in ...names of server vendors?  server sizing?  server implementations?  Not sure what you want, but, here's the list of FIDO Alliance certified vendors: https://fidoalliance.org/certification/fido-certified/

Hope that helps.

Arshad Noor
StrongAuth, Inc.
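
The difference in point 1 of the reply above, as an added example that is not part of the original thread or of any FIDO server's code. The `accepted`, `disallowed` and `aaid` names follow the UAF policy structure; matching on `aaid` only, the AAID values and the U2F issuer allowlist are simplifying assumptions constructed for illustration.

```python
# Simplified model: UAF filters authenticators by RP policy BEFORE key generation,
# U2F lets the RP accept or reject only AFTER the key pair already exists.

# Constructed sample policy, shaped like a UAF policy (AAID values are made up).
UAF_POLICY = {
    "accepted": [                      # alternatives, in RP order of preference
        [{"aaid": ["ABCD#0001"]}],
        [{"aaid": ["ABCD#0002", "EF01#0001"]}],
    ],
    "disallowed": [{"aaid": ["EF01#0001"]}],
}

def matches(criteria, authenticator):
    """Assumption: match on AAID only; real match criteria have more fields."""
    return authenticator["aaid"] in criteria.get("aaid", [])

def uaf_select(policy, available):
    """Client side, before registration: return the authenticators of the
    first accepted alternative that can be fully satisfied, else []."""
    # Anything matching a disallowed entry is excluded, even if also accepted.
    usable = [a for a in available
              if not any(matches(c, a) for c in policy["disallowed"])]
    for combination in policy["accepted"]:
        chosen = []
        for criteria in combination:
            hit = next((a for a in usable if matches(criteria, a)), None)
            if hit is None:
                break                  # this alternative cannot be satisfied
            chosen.append(hit)
        else:
            return chosen              # no keys are generated until this point
    return []

def u2f_review(registration, trusted_issuers):
    """Server side, after registration: the token has already generated the
    key pair; the RP can only keep or discard the submitted registration."""
    return registration["attestation_issuer"] in trusted_issuers

if __name__ == "__main__":
    devices = [{"aaid": "EF01#0001"}, {"aaid": "ABCD#0002"}]
    print("UAF pre-registration choice:", uaf_select(UAF_POLICY, devices))
    reg = {"attestation_issuer": "Constructed Vendor CA"}
    print("U2F post-registration accept:", u2f_review(reg, {"Other CA"}))
```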