It all depends on what you're doing with FIDO2 and what your goals are
for the solution once you have it working, Niraj.

If you're experimenting with FIDO for a proof-of-concept to increase
your understanding of how it works, you can pretty much use anything
that supports the types of authenticators you're planning to test; most
libraries will support most Security Keys and platform authenticators to
give you a flavor for what the UX will be when applications are
FIDO-enabled.

If you're planning to build an infrastructure to support a production
system that requires one or more of the following capabilities, you
probably want to consider a standalone server:
- Built-in high-availability and disaster recovery;
- Support for multiple attestation types: Basic, Apple, Android Key, etc.;
- Ability to abstract security policy management outside applications;
- Integrated SSO to avoid using yet another tool/protocol outside the
FIDO server to reduce application complexity;
- Mobile library with support for "Transaction Confirmation" to comply
with regulations such as PSD2 for strong customer authentication (SCA);
- Developer tools for large-scale performance testing without the need
for humans at each client station;
- FIDO Certification to provide an assurance of commitment and
conformance to standards.
If you're looking for something with all these capabilities, check out:
https://sourceforge.net/projects/strongkeyfido/ or
https://github.com/StrongKey/fido2

Hope that helps.

Arshad Noor
StrongKey