Monday, August 10, 2020
I received a newsletter from Okta few weeks ago, and their blog post was talking about WebAuthn. Okta is a company that provides services in IAM (Identity and access management).
WebAuthn is a new (not really that new) W3C (World Wide Web Consortium) recommendation for web authentication using using public key cryptography instead of a password.
It seems similar to https, where the certificate(s) is used for authentication, encryptions and integrity between website and web client, but WebAuthn is between web user and website. Website hold the private key in https case, and user (or user device) hold the private key for WebAuthn case.
I am not sure if WebAuthn will have self-signed or CA (certificate authority) signed concept, just like in https. My main concern is, it must be free. :D
Some articles for further read.