AffirmedID Authentication
User Friendly and ZTA Compliant
Experience Continuous Authentication Monitoring
Session hijacking, the next cybersecurity frontier, can be avoided by adopting trustworthy authentication, continuous monitoring, security information collection with timely analysis, and counteractive responses.
As of this date only SAML 2 and OIDC are available for use.
SAML 2 with SSO
SAML 2 is an industry protocol most often used as the basis for implementing Single Sign On (SSO) support: in other words, a single authenticated session that is shared among several applications. The user benefit: authenticate just once, use many.
Adding continuous authentication monitoring to the SSO session is very beneficial in avoiding hijacking of the authenticated session, and it does so for every application-to-application switch throughout the session.
OpenID Connect (OIDC)
The OIDC demo combines demonstration of two protocol standards, OpenID and OAuth 2. OIDC is widely used throughout the industry, in many cases as the basis for Single Sign On (SSO) configurations. At present the SSO configuration remains in development. The current OIDC implementation demonstrates a single session from Log in to Log out.
As with all supported protocols, OIDC includes continuous monitoring throughout the authenticated session. You’ll notice that on Log out it also presents a listing of all security events that occurred during the session.
FIDO2 over Bluetooth
FIDO2 over Bluetooth is similar to other common solutions. The authenticator communicates with the FIDO Client over the BLE port of the client device. Both the registration and authentication ceremonies are like those common with other solutions such as YubiKey, with the exception of needing to pair the cell phone and client device in advance of registration. Once paired, operations are as outlined in FIDO documentation.
Significant features of this FIDO2 implementation are its requirement for subscriber identity verification and its provision of continuous authentication monitoring.
Passkey
Passkey is becoming the most well known and widely used cryptographic authenticator thanks to support from Microsoft, Google, and Apple and the substantial market push by the FIDO Alliance. It’s only natural that AffirmedID, which began its support of the FIDO standards in 2015, would support this format as well.
In the case of Passkey, rather than reinventing that wheel, the AffirmedID approach is to adopt use of the Passkey facility on the cell phone by sharing that same platform. In so doing, the effort required by service providers is reduced to near zero, Passkey at once becomes available for SSO use in both the SAML and OIDC worlds, and, most importantly, Passkey gains a continuous authentication monitoring feature.