Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • creating new authentication requirements with US Gov
    • specifically around anti-phising 
  • lots of case-studies of people implementing FIDO/"passwordless"
    • Verizon, DNC, ebay, capitalone, microsoft, visa, fb
    • deltect erp software, integrated to product 
  • blocker to adoption: user friendly recovery of lost credentials
  • cross device key sharing, backup/recovery
    • apple/google have proprietary ways to share keys between devices.
      • contentious as one FIDO premise is the key won't leave the device
  • starting to look at MDL ISO 18013-5(?), combination session with OIDF
    • there is also an AAMVA(american association of motor vehicles associations)  rfp out, includes the public key directory 
  1. Alex Weinert at Microsoft enumerated attributes of a secure authentication credential:

    • Unguessable

    • Undisclosable

    • Multi-factor

    • Single--user

    • Local

    • Uninterceptable

    • Unphishable

Interesting that "strength" isn't in the list of attributes. ie is being discussed vs what is being taken for granted/table-stakes


  1. Joe - w/ FR IAM backgroud
  2. Scott
  3. Nancy


  • George