|
Microsoft hasn't gotten their FIDO2-implementation notified as "authentication level high" according to EU eIDAS regulation, so anyone in the EU who wants to use FIDO2 and needs level high will need to have another FIDO2-implementation anyway. We use a level high notified implementation (with yubikey 5-series) for PAM and are in the process of rolling it out to some other user groups this spring.
|
# ¿ Feb 1, 2023 14:49 |
|
|
# ¿ May 14, 2024 16:03 |
|
SlowBloke posted:EIDAS relies on known trust anchors based on conventional certs, fido will never get accepted in any LoA scheme since it would cut current CA providers out. I'm expecting eID ficep nodes to become an auth high anchor well before whitelabel fido keys become the norm. Being Norwegian I don't know about the intra-EU drama, but as I said, we use a commercial FIDO2 notified LoA High from Buypass.no. They claimed to be the first to get there in january 22, I'd have thought there'd be more by now. Anyway, it is doable, at least when it's one of the current CAs like BuyPass that branch out. Google translated press release from last year here: https://www-buypass-no.translate.goog/nyheter/fido2-pa-hoyeste-sikkerhetsniva?_x_tr_sl=no&_x_tr_tl=en&_x_tr_hl=no&_x_tr_pto=wapp
|
# ¿ Feb 1, 2023 16:02 |
|
This is slowly getting better with more wireless stuff like Bluetooth sensors and such. Much of the outdated stuff is because of stringent regulations of "electromedical" devices, that is, stuff connected to the mains on one side, and to a patient on the other. Certifying that gear is expensive as gently caress, so once a hw-configuration is certified it will be static for the lifetime of the device, and not be compatible with newer OSes and such. But with Bluetooth you can air gap the patient from the mains, and thus run the sw on newer devices with less hassle while the patent sensors runs on batteries.
|
# ¿ Mar 2, 2024 18:21 |