1
Windows Hello in Microsoft Edge
Anoosh Saboori Senior Program Manager
2
Microsoft Passport & Windows Hello
A multi-factor authentication system built for you and your users
Achieve higher levels of security while reducing costs
Increase user convenience with simple unlock gestures
3
Integrate Microsoft Passport & Windows Hello
Windows 10 apps Enterprise content Edge-friendly websites X
4
Windows Hello in Microsoft Edge - Demo
Microsoft Build 2016 11/14/2018 3:54 PM Windows Hello in Microsoft Edge - Demo Anoosh Saboori © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
5
Best-in-class security standards should not be kept secret
Microsoft has contributed this technology to the Fast Identity Online (FIDO) Alliance
6
Integrate Microsoft Passport & Windows Hello
Edge-friendly websites X Windows Hello
7
Coming soon: Integrate FIDO Devices
Edge-friendly websites X FIDO Devices
8
API overview

interface MSCredentials {
    Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo,
                                        sequence<MSCredentialParameters> params,
                                        optional DOMString challenge);
    Promise<MSAssertion> getAssertion(DOMString challenge,
                                      optional MSCredentialFilter filter,
                                      optional MSSignatureParameters params);
};
9
Code Walkthrough makeCredential
10
Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

interface MSAssertion {
    readonly attribute MSCredentialType type;
    readonly attribute DOMString id; // Used as key identifier
};

enum MSCredentialType {
    "FIDO_2_0"
};
11
Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

interface MSFIDOCredentialAssertion : MSAssertion {
    readonly attribute AlgorithmIdentifier algorithm; // RSASSA-PKCS1-v1_5
    readonly attribute DOMString publicKey; // JSON WebKey
    readonly attribute MSAttestationStatement? // Returns NULL
    readonly attribute sequence<MSTransportType> transportHints; // Always returns Embedded
};

enum MSTransportType {
    "Embedded",
    "USB",
    "NFC",
    "BT"
};
12
Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

dictionary MSAccountInfo {
    required DOMString rpDisplayName; // ignored
    required DOMString userDisplayName; // ignored
    DOMString accountName; // ignored
    DOMString userId; // Used as key identifier
    DOMString accountImageUri; // ignored
};
13
Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);

dictionary MSFIDOCredentialParameters : MSCredentialParameters {
    AlgorithmIdentifier algorithm; // Set to RSASSA-PKCS1-v1_5
    sequence<AAGUID> authenticators; // ignored
};

typedef DOMString AAGUID;
14
Promise<MSAssertion> makeCredential(MSAccountInfo accountInfo, sequence<MSCredentialParameters> params, optional DOMString challenge);
15
Code Walkthrough getAssertion
16
Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSCredentialFilter {
    sequence<MSCredentialSpec> accept; // Acceptable list of credential types
};

dictionary MSCredentialSpec {
    required MSCredentialType type; // Set to "FIDO_2_0"
    DOMString id;
};
17
Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

dictionary MSSignatureParameters {
    DOMString userPrompt;
};
18
Promise<MSAssertion> getAssertion(DOMString challenge, optional MSCredentialFilter filter, optional MSSignatureParameters params);

interface MSFIDOSignatureAssertion : MSAssertion {
    readonly attribute MSFIDOSignature signature;
};

interface MSFIDOSignature {
    readonly attribute DOMString clientData; // UTF JSON Encoded of
                                             // {
                                             //   Challenge: <>,
                                             //   User Prompt: <>,
                                             // }
    readonly attribute DOMString authnrData //set to
    readonly attribute DOMString signature; // UTF8 encoding of signature over
                                            // (authnrData || SHA-2 Hash of clientData)
};
19
API overview

MakeCredential
- If the same id is used for makeCredential, keys get overwritten
- Get the public key out of the assertion data structure
- Insert the public key and id into IndexedDB for later usage
- Recommendation: store the id on the server side to protect against cookies being deleted

GetAssertion
- Needs a challenge
- Assertion.signature goes to the server
- Support for contextual string
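Added example (not code from the talk or from Microsoft): how a relying-party server could check what getAssertion returns, using the public key it stored after makeCredential. It assumes the three MSFIDOSignature fields arrive as base64url strings, that "SHA-2" means SHA-256, and that the clientData JSON carries the challenge under the key "challenge"; verifyAssertion, makeSampleAssertion and demo are hypothetical names, and the key pair and assertion are constructed test data.

```javascript
// Added example, not code from the talk: server-side check of a getAssertion result.
// Assumptions: fields are base64url strings, "SHA-2" is SHA-256, and the
// clientData JSON carries the challenge under the key "challenge".
const crypto = require('node:crypto');
const b64u = (s) => Buffer.from(s, 'base64url');

function verifyAssertion(assertion, storedJwk, expectedChallenge) {
  const { clientData, authnrData, signature } = assertion.signature;
  const clientBytes = b64u(clientData);
  let parsed;
  try { parsed = JSON.parse(clientBytes.toString('utf8')); } catch { return false; }
  // The challenge must be the one this server issued for this sign-in (anti-replay).
  if (parsed?.challenge !== expectedChallenge) return false;
  // Signed message per the slide: authnrData || SHA-2(clientData).
  const hash = crypto.createHash('sha256').update(clientBytes).digest();
  const signed = Buffer.concat([b64u(authnrData), hash]);
  const key = crypto.createPublicKey({ key: storedJwk, format: 'jwk' });
  // With an RSA key, crypto.verify uses PKCS#1 v1.5 padding by default.
  return crypto.verify('sha256', signed, key, b64u(signature));
}

// Constructed sample: a throwaway RSA key stands in for the Windows Hello key.
function makeSampleAssertion(privateKey, challenge) {
  const clientBytes = Buffer.from(JSON.stringify({ challenge, userPrompt: 'Sign in' }));
  const authnr = Buffer.from([1, 0, 0, 0, 0]); // constructed authenticator data
  const hash = crypto.createHash('sha256').update(clientBytes).digest();
  const sig = crypto.sign('sha256', Buffer.concat([authnr, hash]), privateKey);
  return { type: 'FIDO_2_0', id: 'user-1234', signature: {
    clientData: clientBytes.toString('base64url'),
    authnrData: authnr.toString('base64url'),
    signature: sig.toString('base64url') } };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = publicKey.export({ format: 'jwk' }); // stored server-side under the id at registration
  const challenge = crypto.randomBytes(32).toString('base64url'); // fresh per sign-in
  const good = makeSampleAssertion(privateKey, challenge);
  const tampered = JSON.parse(JSON.stringify(good));
  tampered.signature.authnrData = Buffer.from([2, 0, 0, 0, 0]).toString('base64url');
  return {
    valid: verifyAssertion(good, jwk, challenge),
    wrongChallenge: verifyAssertion(good, jwk, 'challenge-from-another-session'),
    tamperedData: verifyAssertion(tampered, jwk, challenge),
  };
}
console.log(demo());
```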
20
Other related items

No delete API
- Use PIN reset

No support for attestation
- Support coming once the W3C specs are settled

Key isolation
- Key isolation exists between modern apps and the browser, plus origin-based isolation based on TLD
21
Call to Action
- Experiment and prototype with these APIs and give us feedback
- Visit for more information
- W3C submission links: