/UAF

Primary LanguageJavaApache License 2.0Apache-2.0

Gitter

UAF - Universal Authentication Framework

UAF Architectural Overview

Vision

The main goal is the passwordless authentication experience

Values

  • Simple to authenticate using biometrics readings, such as fingerprint
  • More secure authentication using the cryptography

Methods

  • Standardize the messages, and the message exchange sequence
  • Standardize the way how biometric authenticators are receiving requests and giving out responses
  • Define how cryptography can be used to secure messages that are exchanged

Obstacles

  • Identifying all required data that needs to be part of the protocol messages
  • Correct implementation of message exchange sequence
  • Correct implementation of cryptography sign/verify operations
  • Correct implementation of encoding/decoding of the messages

Measures

  • Number of successful application of the protocol is high
  • Number of protocol adaptations in comparing with password authentication is higher
  • Number of security bugs equal to zero

Implementation details

The code presented here is divided into three groups:

  1. fido-uaf-core - UAF protocol implementation
  2. fidouaf - UAF server, a Jersey service application for demoing UAF protocol implementation use
  3. RP Client App - Android relying party client app for demoing UAF server