
WebAuthn

Wikipedia, the free encyclopedia

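This is an old revision of this page, as edited by 日期20220626 (talk | contribs) at 10:02, 4 March 2021 (Thursday). It may differ significantly from the current revision.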

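WebAuthn is a web standard published by the World Wide Web Consortium (W3C)[1][2][3] and a core component of the FIDO2 Project under the guidance of the FIDO Alliance.[4] The standard defines a Web API in the browser that gives users a new way to authenticate securely on the Web.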

A roaming cryptographic hardware authenticator with a USB interface

On the client side, WebAuthn can be implemented in several ways. The underlying cryptographic operations of WebAuthn are performed by an authenticator. A roaming hardware authenticator conforms to the FIDO Client to Authenticator Protocol (CTAP),[5] making WebAuthn effectively backward compatible with the FIDO Universal 2nd Factor (U2F) standard.[6]

Similar to legacy U2F, Web Authentication is resilient to verifier impersonation, that is, it is resistant to active man-in-the-middle attacks,[7] but unlike U2F, WebAuthn does not require a traditional password. Moreover, a roaming hardware authenticator is resistant to malware since the private key material is at no time accessible to software running on the host machine.
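The relying-party checks behind the verifier-impersonation resistance described above, as an added example that is not part of the original article or of any project's code. It simulates the browser and authenticator in Node.js; the origin, RP ID and key pair are constructed values, and only a subset of the specification's verification steps is shown.

```javascript
const crypto = require("crypto");

const sha256 = (d) => crypto.createHash("sha256").update(d).digest();

// Assumed relying-party values (hypothetical, for illustration only).
const EXPECTED_ORIGIN = "https://login.example.com";
const RP_ID = "example.com";

// Constructed stand-in for a registered credential key pair (ES256 / P-256).
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Simulates browser + authenticator: the browser records the origin it actually
// sees in clientDataJSON; the authenticator signs authData || SHA-256(clientDataJSON).
function simulateAssertion(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  const authData = Buffer.concat([
    sha256(rpId),                 // rpIdHash (32 bytes)
    Buffer.from([0x01]),          // flags: UP (user present)
    Buffer.from([0, 0, 0, 1])]);  // signCount, 32-bit big-endian
  const signature = crypto.sign("sha256", Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authData, signature };
}

// Relying-party side: returns "ok" or the name of the first failed check.
function verifyAssertion({ clientDataJSON, authData, signature }, challenge, credentialKey) {
  let c;
  try { c = JSON.parse(clientDataJSON.toString("utf8")); } catch { return "malformed clientDataJSON"; }
  if (c.type !== "webauthn.get") return "wrong type";
  if (c.challenge !== challenge.toString("base64url")) return "challenge mismatch";
  if (c.origin !== EXPECTED_ORIGIN) return "origin mismatch";
  if (authData.length < 37) return "authenticator data too short";
  if (!crypto.timingSafeEqual(authData.subarray(0, 32), sha256(RP_ID))) return "rpIdHash mismatch";
  if ((authData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify("sha256", signed, credentialKey, signature) ? "ok" : "bad signature";
}

// Test fixture: the same assertion with the origin field altered after signing.
function withOrigin(assertion, origin) {
  const c = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  return { ...assertion, clientDataJSON: Buffer.from(JSON.stringify({ ...c, origin })) };
}
```

An assertion produced on a look-alike origin fails the origin check, and altering the origin afterwards fails the signature check, because the signature covers the hash of clientDataJSON.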

The WebAuthn Level 1 standard was published as a W3C Recommendation on 4 March 2019.[8][9] A Level 2 specification is under development.[10]


References

  1. ^ Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 1 Recommendation. World Wide Web Consortium (W3C). 4 March 2019 [4 March 2019]. 
  2. ^ Web Authentication Working Group. World Wide Web Consortium (W3C). [2018-05-11]. 
  3. ^ Strickland, Jonathan. What is WebAuthn. TechStuff. Clear Channel Communications. Event occurs at 20:35. 18 March 2019 [20 March 2019]. 
  4. ^ FIDO2 Project. FIDO Alliance. [2018-05-11]. 
  5. ^ Brand, Christiaan; Czeskis, Alexei; Ehrensvärd, Jakob; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Powers, Adam; Verrept, Johan (eds.). Client to Authenticator Protocol (CTAP). FIDO Alliance. January 30, 2019 [7 March 2019]. 
  6. ^ WebAuthn / CTAP: Modern Authentication (PDF). World Wide Web Consortium (W3C). 10 December 2018 [11 March 2019]. 
  7. ^ Kan, Michael. Google: Phishing Attacks That Can Beat Two-Factor Are on the Rise. PC Magazine. March 7, 2019 [8 March 2019]. 
  8. ^ Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 1 (latest). World Wide Web Consortium (W3C). [4 March 2019]. 
  9. ^ W3C and FIDO Alliance Finalize Web Standard for Secure, Passwordless Logins. World Wide Web Consortium (W3C). 4 March 2019 [4 March 2019]. 
  10. ^ Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Lundberg, Emil (eds.). Web Authentication: An API for accessing Public Key Credentials Level 2 First Public Working Draft. World Wide Web Consortium (W3C). 4 Jun 2019 [6 Jun 2019]. 


External links