W3C Web Authentication API

Strong authentication on the Internet is of increasing importance to ensure secure access to websites of different service providers. At present, most authentications are still based on passwords and offer little protection since they can be guessed, forgotten or stolen.

The World Wide Web Consortium (W3C) has developed a standard for a Web Authentication API based on the FIDO 2.0 specifications. This standard provides secure authentication to web application developers, through a standardized API that provides cryptographic operations that enable the creation and use of strong, attested, cryptographically calculated credentials by web applications to authenticate users . Through this project, the extent to which the Web Authentication API could be used in Austrian e-government has been evaluated. Possible areas of application would be, among others, the integration of web authentication into the authentication process when registering at online services of authorities, using the chip card-based citizen card or mobile phone signature.
Download Report:
Scroll forward in category General eGovernment infrastructure