...
- A pluggable way to create an authentication request (CredentialRequestOptions).
- A call to PrivacyIdea.
- An interface to 'local' public key attributes e.g. using the attribute resolver like the TOTP plugin
- Probably using the Yubico libraries to generate the request
- Although, the 'signature count' is mutable and may!? need writing back somewhere - need to check the spec.
- From an AJAX request or SWF action and page navigation.
- A pluggable way to verify the credential assertion response
- A call with the JSON assertion response to PrivacyIdea
- Using the locally resolvable attributes and a suitable internal library (Yubico works well) to verify the response i.e. abstractly, the signed assertion can be verified with the public key.
- Storage
- PublicKey in COSE format - fixed once registered
- A credential ID - fixed once registered
- A user handle (the same one for each key for a given user). - fixed once registered
- A signature count. - can mutate during authentication.
- If we use PI, do we make a generic integration library for it (or does it have a Java SDK, check) and just use that with the possibility of using more of its auth methods in the future.
...