WebAuth
This is the background story. For a better understanding, read also the developer tutorial and OpenID X509 ID Token specification
The purpose of this effort is to define a simple challenge-response authentication mechanism for PKI (X509) roll-outs, with a standardized token format for transporting the claim and a standard API for website developers to request for that authentication token, to overcome a set of issues present with client certificate authentication in the web context.
For various reasons (poor UX, ignorance from browser vendors, missing support on mobile platforms, server configuration complexity etc) using TLS CCA (Client Certificate Authentication) for end-user authentication with eID smart cards is not feasible in the long run, even if this type of session establishment has desirable security properties (like implicit MITM protection via mutual authentication).
Current alternative efforts that have potential horizontal reach, seem to focus around IdP-s (3rd party on-line service providers, OAuth etc), XML based schemes (SAML2, ISO 24727 etc), low level "PKCS#11 style API-s" or require an all-in commitment to a very different scheme like FIDO. Initiatives like WebCryptoAPI have failed to deliver, no support for existing infrastructure (hardware tokens with pre-distributed, cross-origin keys) is planned.
Having simple, web-scale implementations means omitting overly complex architectures and XML in favour of JSON and one of the requirements for a fail-safe solution is to be able to function in a "peer to peer" fashion, without a dependence on an on-line third party.
The situation is comparable with the mess of online signature schemes, a fragmented zoo (retired Java applets, ActiveX components, NPAPI plugins, native messaging extensions, localhost services etc, all with different interfaces on different platforms) where there do exist implementations right now that implement some sort of authentication capabilities, but there is no visible standardisation effort, thus the inevitable NASCAR problem
Thus it seems sensible to define a challenge-response authentication scheme that relies on client-side capability of providing JWT ID tokens with authentication information to websites, and to define requirements for client-side and server-side implementations.
This does make the server-side a bit more complex, but also more transparent, as the authentication step is more explicit than with TLS, which is often implemented implicitly in an off-loading appliance and not in the application domain itself.
The outcome of this effort will be a JavaScript library/API for website developers to call, to get browser extension generated JWT ID tokens, signed by PKI eID smart cards with X509 certificates. Similar tokens could be issued by a locally running self-hosted OpenID Connect provider
The scheme has comparable security to Mobile-ID authentication, with similar challenges (proper session management). Usability is even better, because does not require matching of the control code and the token by definition includes values to be generated and checked by the RP (unlike the DigiDocService interface for Mobile-ID).
In fact, the same token format could should be used for Mobile-ID.
Challenge-response, based on PKI, with various "assertion serialisation formats".
- NOTE: Not really a PKI based challenge-response, but included here for legacy reasons
- Specification https://partners.lhv.ee/en/banklink/#authentication-queries
- Request HTTP POST https://partners.lhv.ee/en/banklink/#authentication-query-4012-replacing-query-4002-
- Response HTTP POST https://partners.lhv.ee/en/banklink/#response-query-3013
- TL;DR: RP gives a nonce (up to 50 bytes) and the response from the bank (TTP) will contain user information and nonce, signed by the bank. No client key related information involved in the response, except VK_TOKEN == 1 (for ID-card) or 2 (for Mobile ID)
- Overview http://sk-eid.github.io/dds-documentation/api/api_docs/#authentication-api
- Request http://sk-eid.github.io/dds-documentation/api/api_docs/#query
- Response http://sk-eid.github.io/dds-documentation/api/api_docs/#response_1
- Origin-binding is done by end user based on a 4 digit checksum (ChallengeID) and contractual relations
- TL;DR: RP gives up to 10 bytes of randomness, TTP adds another 10 and returns the combined challenge to RP. Successful authentication token is the combined "nonce" wrapped in an almost-standard RSA (PKCS#1) or ECDSA signature. Verification is the verification of signature and nonce + certificate checks
- Request https://github.com/SK-EID/smart-id-documentation#444-authentication-request-parameters
- Response https://github.com/SK-EID/smart-id-documentation#464-response-structure
- Verification procedure https://github.com/SK-EID/smart-id-documentation#61-authentication-protocol
- Origin binding is done by end user based on a 4 digit checksum calculated based on input nonce
- TL;DR: take at least 64 bytes of random data and "cast to a SHA-2" nonce. Successful token is PKCS#1 signature in the form of shaXXXWithRSAEncryption. Verification is the verification of the nonce in the signature + certificate checks
- Request https://www.w3.org/TR/webauthn/#sec-client-data and https://www.w3.org/TR/webauthn/#op-get-assertion
- Response https://www.w3.org/TR/webauthn/#authenticatorassertionresponse
- Verification procedure: https://www.w3.org/TR/webauthn/#verifying-assertion
- Facilitated by the user agent, origin binding is implicitly done by the UA
- TL;DR: RP provides a challenge (base64 encoded) which is enriched by the UA to a JSON format, then hashed, then concatenated with some data from the authenticator and then signed.
- Undefined raw access to authentication key for signing something.
- No defined inputs nor no defined way of interpreting the output
- http://www.browserauth.net/
- OpenID Connect core spec
- http://webpki.org/papers/PKI/webauth.pdf
- eIDAS SAML2.0 based message format https://joinup.ec.europa.eu/sites/default/files/eidas_message_format_v1.0.pdf
- RFC 7519
- RFC 7800
- https://www.w3.org/2012/webcrypto/webcrypto-next-workshop/papers/webcrypto2014_submission_8.pdf
- https://firebase.google.com/docs/auth/admin/verify-id-tokens
- FIDO AKA WebAuthentication https://www.w3.org/TR/webauthn/
- WebSec Hardware Based Secure Services features https://rawgit.com/w3c/websec/gh-pages/hbss.html