If a USB authenticator is ready, only CTAP2.0 is supported


Steven li

Nov 9, 2022, 7:57:46 AM
to FIDO Dev (fido-dev)
Hi guys,

If I have prepared a USB authenticator, it only supports CTAP2.0, and I want to pass the certification of the FIDO Alliance.

Do I still need to make a WebAuthn server?
If not, is it enough to run CTAP2.0 Authenticator - MDS3 Tests in the conformance tool?

Finally, complete the conformance tool, and then participate in the interoperability test to obtain the certification.

thanks,
Steven

Nice billion's

Nov 9, 2022, 8:04:47 AM
to Steven li, FIDO Dev (fido-dev)
Nice billion's has sent you an email via Gmail confidential mode.

John Bradley

Nov 9, 2022, 8:19:51 AM
to Nice billion's, Steven li, FIDO Dev (fido-dev)
You don’t need to have a server.  

On the other hand you do need to pass the 1.5 security requirements.  That effectively requires support for CTAP2.1.   

SR 1.5 added new requirements for the pin protocol.  


Steven li

Nov 9, 2022, 9:43:34 AM
to FIDO Dev (fido-dev), John Bradley, Steven li, FIDO Dev (fido-dev), matthewc...@gmail.com
Hi John:

First of all thanks for your help.

I think WebAuthn should be FIDO2 Server.

So for the FIDO2 interoperability test program, where does the FIDO2 server come from?
Or will the FIDO Alliance provide servers to test products?

Required for all Servers and Authenticators

  1. Register: The FIDO2 Authenticator will be required to register itself with the FIDO2 Server.
  2. Authenticate: The FIDO2 Authenticator, after being registered with the server, will be required to demonstrate that it can authenticate with the server.
  3. Reset: erase and revert back to factory settings and reauthenticate

Thanks,
Steven


Arshad Noor

Nov 9, 2022, 12:29:08 PM
to Steven li, FIDO Dev (fido-dev)

There are any number of public FIDO2/WebAuthn servers on the internet, Steven - you should be able to test on them to get a sense of whether your Authenticator works or not.

  1. https://demo.strongkey.com/skso
  2. https://demo.strongkey.com/fidopolicy
  3. https://demo.strongkey.com/basicdemo/
  4. https://digitalbank-test.com/
  5. https://webauthn.io/
  6. ...

If you want to set up your own FIDO2 server internally for testing, you can download a FIDO Certified server at https://github.com/strongkey/fido2

Hope that helps.

Arshad Noor
StrongKey

Steven li

Nov 9, 2022, 8:25:59 PM
to FIDO Dev (fido-dev), Arshad Noor, Steven li
Hi Arshad:

I think I should understand.
As for the FIDO2 server in the test of the consistency tool provided by the alliance, it should be the item that needs to be tested when the server (WebAuthn) is to be developed, right?

Thanks for your help.
Steven

Arshad Noor

Nov 9, 2022, 9:37:49 PM
to Steven li, FIDO Dev (fido-dev)
There is no reason to develop the server if your goal is to only certify
the Authenticator you have built, Steven. However, if you are planning
to provide a complete solution to your customers - Authenticators and
Server - then you can choose to build your own server. That is a
business decision - not a technological or a certification decision.

If you really want to understand the process, send e-mails to the
Certification Group's mail-alias on FIDO Alliance's website; they will
provide the detailed answers you seek.

Arshad

On 11/9/22 5:25 PM, Steven li wrote:
> Hi Arshad:
>
> I think I should understand.
> As for the FIDO2 server in the test of the consistency tool provided by
> the alliance, it should be the item that needs to be tested when the
> server(WebAuthn) is to be developed, right?
>
> Thanks for your help.
> Steven
> On Thursday, November 10, 2022 at 1:29:08 AM [UTC+8], Arshad Noor wrote:
>
> There are any number of public FIDO2/WebAuthn servers on the
> internet, Steven - you should be able to test on them to get a sense
> of whether your Authenticator works or not.
>
> 1. https://demo.strongkey.com/skso
> 2. https://demo.strongkey.com/fidopolicy
> 3. https://demo.strongkey.com/basicdemo/
> 4. https://digitalbank-test.com/
> 5. https://webauthn.io/
> 6. ...
>
> If you want to set up your own FIDO2 server internally for testing,
> you can download a FIDO Certified server at
> https://github.com/strongkey/fido2
>
> Hope that helps.
>
> Arshad Noor
> StrongKey
>
> On 11/9/22 6:43 AM, Steven li wrote:
>> Hi John:
>>
>> First of all thanks for your help.
>>
>> I think WebAuthn should be FIDO2 Server.
>>
>> So for the FIDO2 interoperability test program, where does the FIDO2
>> server come from?
>> Or will the FIDO Alliance provide servers to test products?
>>
>> https://fidoalliance.org/certification/interoperability-testing/
>>
>> Required for all Servers and Authenticators
>>
>> 1. *Register*: The FIDO2 Authenticator will be required to
>> register itself with the *_FIDO2 Server._*
>> 2. *Authenticate*: The FIDO2 Authenticator, after being
>> registered with the server, will be required to demonstrate
>> that it can authenticate with the server.
>> 3. *Reset: *erase and revert back to factory settings and
>> reauthenticate
>>
>> Thanks,
>> Steven
>>
>> On Wednesday, November 9, 2022 at 9:19:51 PM [UTC+8], John Bradley wrote:
>>
>> You don’t need to have a server.
>>
>> On the other hand you do need to pass the 1.5 security
>> requirements.  That effectively requires support for CTAP2.1.
>>
>> SR 1.5 added new requirements for the pin protocol.
>>
>> Sent from my iPhone
>>
>>

Steven li

Nov 10, 2022, 3:05:45 AM
to FIDO Dev (fido-dev), Arshad Noor, Steven li
Hi Arshad:

Hope to participate in the interoperability testing activities smoothly, thank you very much for your advice and help.

Thanks,
Steven
