UAF - Universal Authentication Framework
- 2017.10.02 - Updated Android RP app to utilize Android 6.0 secure storage
- 2016.10.14 - Added endpoints for whitelisting AAID, and Facet Ids
- 2016.05.20 - Added wiki page for Maven build and Tomcat setup/run (using CLI only)
- 2016.03.28 - Started wiki pages
- 2016.02.23
- 2016.01.16
Vision
The main goal is a passwordless authentication experience.
Values
- Simple to authenticate using biometric readings, such as a fingerprint
- More secure authentication using cryptography
Methods
- Standardize the messages, and the message exchange sequence
- Standardize how biometric authenticators receive requests and return responses
- Define how cryptography can be used to secure messages that are exchanged
Obstacles
- Identifying all required data that needs to be part of the protocol messages
- Correct implementation of message exchange sequence
- Correct implementation of cryptography sign/verify operations
- Correct implementation of encoding/decoding of the messages
Measures
- The number of successful applications of the protocol is high
- The number of protocol adoptions, compared with password authentication, is higher
- The number of security bugs is zero
Implementation details
The code presented here is divided into three groups:
- fido-uaf-core - UAF protocol implementation
- fidouaf - UAF server, a Jersey service application that demonstrates use of the UAF protocol implementation
- RP Client App - Android relying party client app for demoing UAF server
Steps for running the demo
1. Build and run the UAF server as described in the Wiki page of the project (https://github.com/eBay/UAF/wiki/BuildingAndRunningUAFServer).
2. Build and run the client (fidouafclient).
3. Obtain the facetID of the client.
3.1. If the client program is run on an Android device, pressing the button labelled "facetID" will display the string representing the facetID of the client program on the screen.
3.2. If the client program is run on an emulator, pressing the button labelled "facetID" will cause the string representing the facetID of the client program to be printed on the IDE console (Logcat). The string can be located by searching for the term "facetID:".
4. In the file UAF/fidouaf/src/main/java/org/ebayopensource/fidouaf/res/config.properties, replace the example string representing the facetID of the client program with the value obtained in step 3.
5. Set the Server Endpoint on the client by clicking on the settings menu in the upper right corner of the client application, filling in an appropriate IP address and port for the server (e.g., http://192.168.1.34:8080), then clicking on the checkmark to save the settings.
6. The client and the server are now ready to be tested.
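Steps 3 and 4 only work if the string pasted into the server configuration is byte-for-byte the facetID the client reports. The following is an added example, not code from this project: it assumes the client reports the Android facet ID form from the FIDO AppID and Facet specification (`android:apk-key-hash:` followed by the unpadded Base64 SHA-1 of the signing certificate). The class and method names are hypothetical and the certificate bytes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Set;

public class FacetIdCheck {
    static final String PREFIX = "android:apk-key-hash:";

    // Android facet ID: prefix + unpadded Base64 of SHA-1 over the DER-encoded signing certificate.
    static String androidFacetId(byte[] signingCertDer) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(signingCertDer);
        return PREFIX + Base64.getEncoder().withoutPadding().encodeToString(digest);
    }

    // Structural check: a SHA-1 digest is 20 bytes, which is exactly 27 unpadded Base64 characters.
    static boolean isWellFormed(String facetId) {
        if (facetId == null || !facetId.startsWith(PREFIX)) return false;
        String hash = facetId.substring(PREFIX.length());
        if (hash.length() != 27) return false;
        try {
            return Base64.getDecoder().decode(hash).length == 20;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // Exact, case-sensitive match against the allow-list (Base64 is case-sensitive, so no normalizing).
    static String check(String reported, Set<String> allowList) {
        if (!isWellFormed(reported)) return "MALFORMED";
        return allowList.contains(reported) ? "TRUSTED" : "NOT_ALLOW_LISTED";
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed stand-in bytes; a real run would read the APK signing certificate in DER form.
        byte[] cert = "constructed-signing-certificate".getBytes(StandardCharsets.UTF_8);
        String facetId = androidFacetId(cert);
        Set<String> allowList = Set.of(facetId); // stands in for the value pasted into the server config

        System.out.println(facetId + " -> " + check(facetId, allowList));
        // Copy/paste damage: a trailing newline picked up from Logcat, or Base64 padding left in place.
        System.out.println(check(facetId + "\n", allowList));
        System.out.println(check(facetId + "=", allowList));
        // A build signed with a different key yields a different facet ID that is not on the list.
        byte[] other = "constructed-other-certificate".getBytes(StandardCharsets.UTF_8);
        System.out.println(check(androidFacetId(other), allowList));
    }
}
```

Because the facet ID is derived from the signing certificate, a debug build and a release build of the same client produce different values, and each needs its own allow-list entry.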