Hi Fatima,
Please see answers below.
Good luck with your documentation.
Arshad Noor
StrongKey
On 9/6/22 6:34 AM, fatima kabouri wrote:
> Good afternoon,
>
> I am currently doing documentation about the FIDO2 protocol for my
> internship project. The objective is to study how we can implement FIDO2
> authentication as a solution for strong authentication. Some questions
> have come to my mind.
> 1- Can we implement FIDO2 authentication for native mobile applications?
Yes, you can. You can find our open-source library for Android at:
https://github.com/StrongKey/fido2/tree/master/sampleapps/java/sacl
While we do not have a full-scale library like Android's currently for
iOS, it is part of our roadmap for 2023. You can, however, find a sample
app demonstrating a native iOS app doing FIDO at:
https://github.com/StrongKey/fido2/tree/master/sampleapps/swift/StrongKeyFIDODemo
> 2- Does creating an authenticator application enable the user to manage
> their secret keys?
Yes, it does.
> 3- Are those keys stored in the user's device?
Yes, they are.
> 4- Can we store these keys in the cloud? If the user has installed the
> authenticator app on another device and succeeds in authentication, does
> he get his keys?
As Philipp has already pointed out, that is what three members of the
FIDO Alliance are attempting to do with "passkeys" - whether they use an
"authenticator app" or not is yet to be seen.
However, since FIDO is a security protocol, you need to pay close
attention to the security implications of managing cryptographic keys in
the cloud. I would encourage you to review these 2 LinkedIn postings of
mine and follow the news stories I've referenced to understand the
implications. While convenience is nice, IMO it is even more important
to be secure:
https://www.linkedin.com/posts/arshadnoor_theres-a-big-problem-with-apple-and-google-activity-6936014910808096769--8zB?utm_source=share&utm_medium=member_desktop
https://www.linkedin.com/posts/arshadnoor_okta-hack-allows-users-to-be-impersonated-activity-6971072957238427649-IaMb?utm_source=share&utm_medium=member_desktop