UAF - Universal Authentication Framework
Vision
The main goal is a passwordless authentication experience.
Values
- Simple authentication using biometric readings, such as a fingerprint
- More secure authentication using cryptography
Methods
- Standardize the messages, and the message exchange sequence
- Standardize how biometric authenticators receive requests and return responses
- Define how cryptography can be used to secure messages that are exchanged
Obstacles
- Identifying all required data that needs to be part of the protocol messages
- Correct implementation of the message exchange sequence
- Correct implementation of cryptography sign/verify operations
- Correct implementation of encoding/decoding of the messages
Measures
- The number of successful applications of the protocol is high
- The number of protocol adaptations is higher compared with password authentication
- The number of security bugs is zero
Implementation details
The code presented here is divided into three groups:
- fido-uaf-core - UAF protocol implementation
- fidouaf - UAF server, a Jersey service application that demonstrates use of the UAF protocol implementation
- RP Client App - Android relying party client app that demonstrates the UAF server