U2F, OIDC Team Up For Strong Authentication, Federation

July 15, 2016 2 minute read

The New York Times sits elegantly secured behind authentication technology that combines a U2F-enabled YubiKey and standardized identity federation built on OpenID Connect (OIDC).

It’s a colorful twist for a newspaper first published in 1851 and famously known as The Gray Lady. But linked with Google and Yubico, the trio is part of an identity federation that relies on strong authentication to protect access to the online version of the newspaper.

Identity federation is the process of logging in to a single identity provider (in this case, Google) and then navigating to other sites (for example, The New York Times) without having to log in again. The YubiKey and FIDO U2F secure the identity provider login using public key cryptography, while OIDC takes care of the trusted and federated relationship between Google and The New York Times.

OIDC is an identity federation standard that we profiled along with FIDO U2F last year to show how the pair solves a wider range of authentication challenges than either technology could on its own. Yubico is also a member of the OpenID Foundation, which is the creator of OIDC, and is actively exploring how U2F plays with other standardized identity technology.

Watch this video to see federated identity with a YubiKey in action. It’s impossible to see identity federation working under the covers in this scenario, but the simplicity and security should be clearly evident. And really, that’s the desired user experience.

How to: Login with FIDO U2F and OpenID Connect from Yubico on Vimeo.