SID-AUTH-01 — FIDO2/WebAuthn Passwordless Authentication
| Property | Value |
|---|---|
| Owner | platform |
| Category | technical |
| CSF Function | protect |
| Group | Authentication Controls |
Description
All user authentication is performed via FIDO2/WebAuthn, for both registration and login. Password-based authentication is completely removed. The control supports discoverable credentials (passkeys), platform authenticators, and roaming authenticators, and implements challenge-response with RP ID validation.
Components
Source References
go-wallet-backend/handlers.go
go-webauthn library
Framework Requirements
EUDI Security Requirements: WUP-8.2.3-Fun-09, WUH-8.3.1-Sec-01, WUH-8.3.1-Sec-02, WIN-8.4.2-Sec-02, WIN-8.4.4-01, WSA-8.5-08, CS-I.3-WUS, CS-I.3-Prov
FitCEM Wallet Instance: FIT-DS-10, FIT-AU-03
ISO 27001 Annex A: A.5.15, A.5.16, A.5.17, A.8.5
OWASP ASVS 4.0.3 Level 3: V1.2, V2.2, V2.3
STRIDE Threat Model: WF-S-1, WF-S-2, WB-S-2, WB-S-3, VC-S-2, FT-S-1