The main goal is the passwordless authentication experience:
- Simple to authenticate using biometric readings, such as a fingerprint
- More secure authentication using cryptography
- Standardize the messages, and the message exchange sequence
- Standardize how biometric authenticators receive requests and return responses
- Define how cryptography can be used to secure messages that are exchanged
- Identifying all required data that needs to be part of the protocol messages
- Correct implementation of message exchange sequence
- Correct implementation of cryptography sign/verify operations
- Correct implementation of encoding/decoding of the messages
- Number of successful applications of the protocol is high
- Number of protocol adaptations, compared with password authentication, is higher
- Number of security bugs is equal to zero
The code presented here is divided into three groups:
- fido-uaf-core - UAF protocol implementation
- fidouaf - UAF server, a Jersey service application that demonstrates use of the UAF protocol implementation
- RP Client App - Android relying party client app that demonstrates the UAF server