Build 2016 - P514 - Windows Hello in Microsoft Edge
#Build2016
Windows Hello in Microsoft Edge
Anoosh Saboori
Senior Program Manager

Microsoft Passport & Windows Hello
A multi-factor authentication system built for you and your users
Achieve higher levels of security while reducing costs
Increase user convenience with simple unlock gestures

Integrate Microsoft Passport & Windows Hello
• Windows 10 apps
• Enterprise content
• Edge-friendly websites

Windows Hello in Microsoft Edge - Demo
Anoosh Saboori

Microsoft has contributed this technology to the Fast Identity Online (FIDO) Alliance
Best-in-class security standards should not be kept secret

Integrate Microsoft Passport & Windows Hello
Edge-friendly websites
Windows Hello

Coming soon: Integrate FIDO Devices
Edge-friendly websites
FIDO Devices

API overview

interface MSCredentials {
    Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo,
                                        sequence<MSCredentialParameters> params,
                                        optional DOMString challenge);
    Promise<MSAssertion> getAssertion(DOMString challenge,
                                      optional MSCredentialFilter filter,
                                      optional MSSignatureParameters params);
};

Code Walkthrough: makeCredential

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

interface MSAssertion {
    readonly attribute MSCredentialType type;
    readonly attribute DOMString id; // Used as key identifier
};

enum MSCredentialType { "FIDO_2_0" };

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

interface MSFIDOCredentialAssertion : MSAssertion {
    readonly attribute AlgorithmIdentifier algorithm; // RSASSA-PKCS1-v1_5
    readonly attribute DOMString publicKey; // JSON WebKey
    readonly attribute MSAttestationStatement? // Returns NULL
    readonly attribute sequence<MSTransportType> transportHints; // Always return Embedded
};

enum MSTransportType { "Embedded", "USB", "NFC", "BT" };

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

dictionary MSAccountInfo {
    required DOMString rpDisplayName; // ignored
    required DOMString userDisplayName; // ignored
    DOMString accountName; // ignored
    DOMString userId; // Used as key identifier
    DOMString accountImageUri; // ignored
};

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

dictionary MSFIDOCredentialParameters : MSCredentialParameters {
    AlgorithmIdentifier algorithm; // Set to RSASSA-PKCS1-v1_5
    sequence<AAGUID> authenticators; // ignored
};

typedef DOMString AAGUID;

Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

Code Walkthrough: getAssertion

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSCredentialFilter {
    sequence<MSCredentialSpec> accept; // Acceptable list of credential type
};

dictionary MSCredentialSpec {
    required MSCredentialType type; // Set to "FIDO_2_0"
    DOMString id;
};

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSSignatureParameters {
    DOMString userPrompt;
};

Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

interface MSFIDOSignatureAssertion : MSAssertion {
    readonly attribute MSFIDOSignature signature;
};

interface MSFIDOSignature {
    readonly attribute DOMString clientData; // UTF JSON Encoded of
                                             // {
                                             //   Challenge: <>,
                                             //   User Prompt: <>,
                                             // }
    readonly attribute DOMString authnrData; // set to 10000000
    readonly attribute DOMString signature;  // UTF8 encoding of signature over
                                             // (authnrData || SHA-2 Hash of clientData)
};

API overview

MakeCredential
• If the same id is used for makeCredential, keys get overwritten
• Get public key out of assertion data structure
• Insert public key and id into IndexedDB for later usage
• Recommendation: store the id on server side to protect against cookies being deleted

GetAssertion
• Needs a challenge
• Assertion.signature goes to server
• Support for contextual string

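The server-side half of the getAssertion flow summarized above, as an added example (not code from the talk or from Microsoft): it checks that the challenge echoed in clientData is the one the server issued, then verifies the RSASSA-PKCS1-v1_5 signature over authnrData || SHA-2(clientData) with the public key saved at makeCredential time. The base64url field encoding, SHA-256 as the SHA-2 variant, the `challenge` and `userPrompt` JSON key names, the authnrData bytes and all helper names are assumptions.

```javascript
const crypto = require('node:crypto');

// Assumed wire encoding for the three MSFIDOSignature fields: base64url.
const b64u = (buf) => Buffer.from(buf).toString('base64url');
const unb64u = (s) => Buffer.from(s, 'base64url');

// What the signature covers per the slide: authnrData || SHA-2(clientData).
function signedBytes(sig) {
  const hash = crypto.createHash('sha256').update(unb64u(sig.clientData)).digest();
  return Buffer.concat([unb64u(sig.authnrData), hash]);
}

// publicKeyJwk was stored at makeCredential time; expectedChallenge is the
// one-time value this server issued for the current sign-in attempt.
function verifyAssertion(publicKeyJwk, expectedChallenge, sig) {
  let clientData;
  try {
    clientData = JSON.parse(unb64u(sig.clientData).toString('utf8'));
  } catch {
    return { ok: false, reason: 'clientData is not valid JSON' };
  }
  // Check the echoed challenge first: a valid signature over an old
  // challenge is a replay and must be rejected.
  const got = Buffer.from(String(clientData?.challenge ?? ''));
  const want = Buffer.from(expectedChallenge);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    return { ok: false, reason: 'challenge mismatch' };
  }
  const key = crypto.createPublicKey({ key: publicKeyJwk, format: 'jwk' });
  // For an RSA key, crypto.verify defaults to RSASSA-PKCS1-v1_5 padding.
  const valid = crypto.verify('sha256', signedBytes(sig), key, unb64u(sig.signature));
  return valid ? { ok: true } : { ok: false, reason: 'bad signature' };
}

// Constructed stand-in for the authenticator, used only to produce sample input.
function demoAssertion(privateKey, challenge) {
  const sig = {
    clientData: b64u(JSON.stringify({ challenge, userPrompt: 'Sign in' })),
    authnrData: b64u(Buffer.from([0x01, 0x00, 0x00, 0x00])), // constructed bytes
  };
  sig.signature = b64u(crypto.sign('sha256', signedBytes(sig), privateKey));
  return sig;
}
```

The issued challenge should be single-use and bound to the session, so that a captured assertion cannot be submitted a second time.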
Other related items

No delete API
• Use PIN reset

No support for attestation
• Support coming once W3C specs are settled down

Key isolation
• Key isolation exists between modern apps and the browser; there is also origin-based isolation based on TLD

Call to Action
• Experiment and prototype with these APIs and give us feedback
• Visit http://aka.ms/fidoblog for more information
• W3C submission links:
  • http://www.w3.org/Submission/fido-web-api/
  • http://www.w3.org/Submission/2015/SUBM-fido-signature-format-20151120/
  • http://www.w3.org/Submission/2015/SUBM-fido-key-attestation-20151120/

© 2016 Microsoft Corporation. All rights reserved.