Integration of Passkeys into Shibboleth Identity Providers
Abstract
User authentication based on passwords is susceptible to various attacks and imposes a significant cognitive load on users. Multi-factor authentication seeks to minimize the effectiveness of certain remote attacks, but it often penalizes usability. Passkeys, a term coined based on recent standards from the FIDO Alliance and W3C, emerge as a robust alternative with a focus on usability for remote user authentication on the web. This work presents a solution for integrating passkeys into Shibboleth Identity Providers, enabling their use both as a second factor and as the first authentication factor.