

With the release of the YubiKey 5Ci device with firmware 5.2, Yubico offers support for the latest FIDO2/WebAuthn functionality, offering advancements in FIDO credentials management and protection. These enhancements allow users to review FIDO2 discoverable credentials on their YubiKey and delete individual credentials without requiring a full reset, as well as allowing FIDO2 services to prevent unauthorized users from accessing the corresponding credentials on a user’s YubiKey.

Further, the enhancements to the FIDO2/WebAuthn spec include extending the encryption algorithms available for securing FIDO2 credentials, as well as services to support advanced platform authentication to YubiKeys, allowing for a more secure implementation of the FIDO2/WebAuthn protocols.

With FIDO2, credentials can reside on the authenticator, i.e., the YubiKey. Discoverable credentials allow for a passwordless and usernameless experience where the user just needs to enter their user verification PIN to authenticate. Given this capability, the platform needs to be able to read, display and act upon the discoverable credentials in a secure manner.

Credential Management allows the platform to display the credentials that reside on the security key so that the user can act upon them. The platform can show the credential Relying Party (RP) information, the credential descriptor, and the number of discoverable credentials on the authenticator. Credential management does not have the capability to display non-discoverable keys (including U2F based credentials) as that information is not stored on the authenticator in any fashion.

The Client to Authenticator Protocol (CTAP) defines the information that the platform can retrieve from the authenticator. The platform can retrieve the following information from the authenticator:

Number of existing discoverable credentials present on the authenticator.

Total number of RPs present on the authenticator.
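As an added illustration (not Yubico's code and not part of the original page), the following sketch parses the two counts the platform can retrieve, the number of discoverable credentials and the total number of RPs, out of authenticatorCredentialManagement responses. The member keys are taken from the CTAP 2.1 specification rather than from this page; the response bytes, the RP ID example.com and the function names are constructed for the example, and the CBOR decoder covers only the types these responses use.

```python
import hashlib
# Response member keys of authenticatorCredentialManagement (CTAP 2.1 spec).
KEYS = {0x01: "existingResidentCredentialsCount",
        0x02: "maxPossibleRemainingResidentCredentialsCount",
        0x03: "rp", 0x04: "rpIDHash", 0x05: "totalRPs"}

def _decode(buf, pos):
    """Decode one CBOR item (uint, bytes, text or map); return (value, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated CBOR")
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:                       # argument stored in the initial byte
        arg = info
    elif info <= 27:                    # 1, 2, 4 or 8 byte big-endian argument
        n = 1 << (info - 24)
        if pos + n > len(buf):
            raise ValueError("truncated CBOR")
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        raise ValueError("unsupported CBOR length encoding")
    if major == 0:                      # unsigned integer
        return arg, pos
    if major in (2, 3):                 # byte string / UTF-8 text string
        if pos + arg > len(buf):
            raise ValueError("truncated string")
        raw = bytes(buf[pos:pos + arg])
        return (raw if major == 2 else raw.decode("utf-8")), pos + arg
    if major == 5:                      # map of key/value pairs
        out = {}
        for _ in range(arg):
            key, pos = _decode(buf, pos)
            out[key], pos = _decode(buf, pos)
        return out, pos
    raise ValueError(f"unsupported CBOR major type {major}")

def parse_credmgmt_response(resp):
    """Check the CTAP status byte, decode the CBOR map, name known members."""
    if not resp or resp[0] != 0x00:     # 0x00 is CTAP2_OK
        raise ValueError(f"CTAP error status: {bytes(resp[:1]).hex() or 'empty'}")
    body, end = _decode(resp, 1)
    if end != len(resp) or not isinstance(body, dict):
        raise ValueError("malformed response body")
    return {KEYS.get(k, k): v for k, v in body.items()}

# Constructed sample responses, not captured from a device.
RP_HASH = hashlib.sha256(b"example.com").digest()
METADATA = bytes.fromhex("00a201030216")   # 3 credentials stored, 22 slots free
ENUM_RPS = (bytes.fromhex("00a303a16269646b") + b"example.com"
            + bytes.fromhex("045820") + RP_HASH + bytes.fromhex("0502"))
```

A platform UI would display `existingResidentCredentialsCount` and `totalRPs` from these results; any non-zero status byte or trailing data is rejected before the body is used.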
