Build 2016 - P514 - Windows Hello in Microsoft Edge

#Build2016

Windows Hello in Microsoft EdgeAnoosh SabooriSenior Program Manager

Microsoft Passport & Windows HelloA multi-factor authentication system built for you and your users

Achieve higher levels of security while reducing costs

Increase user convenience with simple

unlock gestures

Integrate Microsoft Passport & Windows Hello

Windows 10 apps Enterprise content Edge-friendly websites

Windows Hello in Microsoft Edge - DemoAnoosh Saboori

Microsoft has contributed this technology to the Fast Identity Online (FIDO) Alliance

Best-in-class security standards should not be kept secret

Integrate Microsoft Passport & Windows Hello

Edge-friendly websites

Windows Hello

Coming soon: Integrate FIDO Devices

Edge-friendly websites

FIDO Devices

API overviewinterface MSCredentials { Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params); };

Code WalkthroughmakeCredential

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

interface MSAssertion { readonly attribute MSCredentialType type; readonly attribute DOMString id; //Used as key identifier }; enum MSCredentialType { "FIDO_2_0" };

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);interface MSFIDOCredentialAssertion : MSAssertion { readonly attribute AlgorithmIdentifier algorithm; // RSASSA-PKCS1-v1_5 readonly attribute DOMString publicKey; //JSON WebKey readonly attribute MSAttestationStatement? //Returns NULL readonly attribute sequence<MSTransportType> transportHints; //Always return Embedded }; enum MSTransportType { "Embedded", "USB", "NFC", "BT" };

dictionary MSAccountInfo { required DOMString rpDisplayName; //ignored required DOMString userDisplayName; //ignored DOMString accountName; //ignored DOMString userId; //Used as key identifier DOMString accountImageUri; //ignored };

dictionary MSFIDOCredentialParameters : MSCredentialParameters { AlgorithmIdentifier algorithm; //Set to RSASSA-PKCS1-v1_5 sequence<AAGUID> authenticators; //ignored };

typedef DOMString AAGUID;

Code WalkthroughgetAssertion

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSCredentialFilter { sequence<MSCredentialSpec> accept; //Acceptable list of credential type }; dictionary MSCredentialSpec { required MSCredentialType type; //Set to "FIDO_2_0" DOMString id; };

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSSignatureParameters { DOMString userPrompt; };

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params); interface MSFIDOSignatureAssertion : MSAssertion { readonly attribute MSFIDOSignature signature; }; interface MSFIDOSignature { readonly attribute DOMString clientData; //UTF JSON Encoded of

//{ // Challenge: <>, // User Prompt: <>,

//} readonly attribute DOMString authnrData //set to 10000000 readonly attribute DOMString signature; // UTF8 encoding of signature over // (authnrData|| SHA-2 Hash of

// clientData) };

API overviewMakeCredentialIf the same id is used for makecredential, keys get overwrittenGet public key out of assertion data structureInsert public key and id to index DB for later usageRecommendation: store the id on server side to protect against cookies deleted

GetAssertionNeeds a challengeAssertion.signature goes to serverSupport for contextual string

Other related itemsNo delete APIUse PIN reset

No support for attestation Support coming once W3C specs are settled down Key isolationKey isolation exists between modern apps and browser also origin based isolation based on TLD

• Experiment and prototype with these APIs and give us feedback

• Visit http://aka.ms/fidoblog for more information

• W3C submission links:• http://www.w3.org/Submission/fido-web-api/• http://

www.w3.org/Submission/2015/SUBM-fido-signature-format-20151120/• http

://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/

Call to Action

Build 2016 - P514 - Windows Hello in Microsoft Edge

Technology

Transcript of Build 2016 - P514 - Windows Hello in Microsoft Edge

Say hello to your family and friends with a special ... · Say hello to your family and friends with a special handmade card. Cut carefully along the grey line to neaten the edge

Knowledge-aware Assessment of Severity of Suicide Risk for ...protocols.netlab.uky.edu/~rvkavu2/research/p514-gaur.pdf · Knowledge-aware Assessment of Severity of Suicide Risk for

Creating Hello, Hello · 2020-07-01 · Creating Hello, Hello Hello, Hello is a picture book written by children at the third Spinifex Writing Camp. It was hosted by Tjuntjuntjara

Hello, Hello Viking!

Laravel Forge: Hello World to Hello Production

WAKE UP, GROW UP: THE EDGE OF THE UNKNOWN …integral-life-home.s3.amazonaws.com/Wilber-WakeUpGrowUp-TheEdgeOf...1 THE LEADING EDGE OF THE UNKNOWN IN THE HUMAN BEING Ken Wilber Hello,

- [Cynthia] Hello, we're live. - Hello. · - [Cynthia] Hello, we're live. - Hello. - [Cynthia] Hello Amber. - Welcome. - [Cynthia] I'm just gonna fix this real quick, cause there's

Hello HllHello Hello East Midtown Study - NYIT Logo (New ...iris.nyit.edu/~maltwick/ESP/Module 1/rezoning.pdf · Hello Hello HllHello Hello Hello Hello East Midtown Study July 18,

Happy Hoppy. English for children - Libris.ro Hoppy...Hello children Hello Mrs TeacherHello Hoppy Hello, hello Hello children Hello Mrs TeacherHow are you today?I'm fine! llSltrN TO

Hello Edge: Keyword Spotting on Microcontrollerspeople.cs.pitt.edu/~hasanzadeh/files/notes/03.20.18...•RNNs exploits temporal relation between signals •RNNs captures long term

Hello Gran Hello Bretañaestaticojuventud.carm.es/wmj/home/DOC24556320101_24... · 2011. 3. 11. · Inglés 24 Hello Hello Hello Hello Hello Manchester Newcastle York Edimburgo Bournemouth

Hello, hello how are you today? I´m happy, happy, happy Hello, hello how are you today? I´m sad, sad, sad Hello, hello how are you today? I´m hungry,

Hello, and welcome to this presentation on the advanced-control, general … · value is updated on a single clock edge, depending on the direction. Here the falling edge of Channel

Hello hello hello hello hello hello!how are you? I’m fine! I’m fine !Thank you! Thank you very much!

US Internal Revenue Service: p514--1996

HELLO CHINA - helloworld › attachments › docs › hw-nz-china-1718.pdf · CHINA HELLO HELLO UK & PACIFIC EUROPE 2017 2017 HELLO HELLO USA 2017 THAILAND 2017 ISLANDS 2017 HELLO

US Internal Revenue Service: p514--1997

Hello!€¦ · Hello! WOODS EDGE HOMEOWNERS ASSOCIATION (HOA) Welcome to the Neighborhood! Fall 2019 . Page 2 Page 3 Welcome to Woods Edge! We’re delighted to have you join our

Hello song Hello! Hello! Hello, how are you? I’m good! I’m great! I’m wonderful! x2 Hello! Hello! Hello, how are you? I’m tired. I’m hungry. I’m not so.

Hello Hello Hello