
Reasonably secure policy:

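  • Requires specific authenticators: registration is limited to the AAGUIDs listed in "allowedAaguids" (the sample list repeats several entries; the duplicates are redundant)
  • Requires user presence. User verification is a separate setting and is only "preferred" in this sample, so a PIN or biometric check is not enforced
  • Requires a restricted algorithm: ECDSA. RSA is set to "none"; note that the sample's "signatures" and "curves" lists also include EdDSA and curve25519, which are not ECDSA
  • Cannot use NONE or SELF attestation: conveyance is "direct" and the only accepted format is "packed". The packed format can also carry self attestation, so confirm that the server rejects it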

Please follow this link to learn more about the FIDO Policy definitions.

{
   "FidoPolicy": {
      "name": "ModerateSKFSPolicy-SpecificSecurityKeys",
      "copyright": "StrongAuth, Inc. (DBA StrongKey) All Rights Reserved",
      "version": "2.0",
      "startDate": "1695937015",
      "endDate": "1760103870871",
      "system": {
         "did": 2,
         "requireCounter": "mandatory",
         "integritySignatures": true,
         "userVerification": ["preferred"],
         "userPresenceTimeout": 60,
         "allowedAaguids": ["95442b2e-f15e-4def-b270-efb106facb4e", "87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c", "95442b2e-f15e-4def-b270-efb106facb4e", "87dbc5a1-4c94-4dc8-8a47-97d800fd1f3c", "da776f39-f6c8-4a89-b252-1d86137a46ba", "e3512a8a-62ae-11ea-bc55-0242ac130003", "cb69481e-8ff7-4039-93ec-0a2729a154a8", "ee882879-721c-4913-9775-3dfcce97072a", "fa2b99dc-9e39-4257-8f92-4a30d23c4118", "2fc0579f-8113-47ea-b116-bb5a8db9202a", "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "cb69481e-8ff7-4039-93ec-0a2729a154a8", "ee882879-721c-4913-9775-3dfcce97072a", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "cb69481e-8ff7-4039-93ec-0a2729a154a8", "ee882879-721c-4913-9775-3dfcce97072a", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "cb69481e-8ff7-4039-93ec-0a2729a154a8", "ee882879-721c-4913-9775-3dfcce97072a", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "2fc0579f-8113-47ea-b116-bb5a8db9202a", "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "c5ef55ff-ad9a-4b9f-b580-adebafe026d0", "85203421-48f9-4355-9bc8-8a53846e5083", "f8a011f3-8c0a-4d15-8006-17111f9edc7d", "b92c3f9a-c014-4056-887f-140a2501163b", "6d44ba9b-f6ec-2e49-b930-0c8fe920cb73", "149a2021-8ef6-4133-96b8-81f8d5b7f1f5"],
         "transport": ["usb", "internal"]
      },
      "crossOrigin": {
         "enabled": false,
         "allowedOrigins": []
      },
      "algorithms": {
         "curves": ["secp256r1", "secp384r1", "secp521r1", "curve25519"],
         "rsa": ["none"],
         "signatures": ["ES256", "ES384", "ES512", "EdDSA", "ES256K"]
      },
      "attestation": {
         "conveyance": ["direct"],
         "formats": ["packed"]
      },
      "registration": {
         "displayName": "required",
         "attachment": ["cross-platform"],
         "discoverableCredential": ["preferred", "discouraged"],
         "excludeCredentials": "enabled"
      },
      "authentication": {
         "allowCredentials": "enabled"
      },
      "authorization": {
         "maxdataLength": 256,
         "preserve": true
      },
      "rp": {
         "id": "strongkey.com",
         "name": "FIDOServer"
      },
      "extensions": {},
      "mds": {
         "authenticatorStatusReport": [{
            "status": "FIDO_CERTIFIED_L1",
            "priority": "1",
            "decision": "IGNORE"
         }, {
            "status": "FIDO_CERTIFIED_L2",
            "priority": "1",
            "decision": "ACCEPT"
         }, {
            "status": "UPDATE_AVAILABLE",
            "priority": "5",
            "decision": "IGNORE"
         }, {
            "status": "REVOKED",
            "priority": "10",
            "decision": "DENY"
         }]
      },
      "jwt": {
         "algorithms": ["ES256", "ES384", "ES521"],
         "duration": 30,
         "required": ["rpid", "iat", "exp", "cip", "uname", "agent"]
      },
      "signcerts": {
         "rootca": {
            "subjectdn": "CN=StrongKey FIDO Server RootCA,OU=DID 2,O=StrongKey",
            "serialnumber": "966833650",
            "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----",
            "jwtcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS JWT Signer 1,OU=DID 2,O=StrongKey",
                  "serialnumber": "1107337789",
                  "pemcert": "-----BEGIN CERTIFICATE-----MIICBzCCAWegAwIBAgIEQgCiPTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDIxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTg1NTA5WhcNMjQwOTI1MTg1NTA5WjBAMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAyMRowGAYDVQQDExFTS0ZTIEpXVCBTaWduZXIgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABF6Pxbv9rmD+n3GHpLZ7wKT0b5lFvDCiR5sg/gN/CYUoNX+umh0Eu0Do51e093dWB2bLhu62tAMnxhAMsI9KXkajQjBAMB0GA1UdDgQWBBQlMnUN0A6oOSFusz9hbjo3qSaKIDAfBgNVHSMEGDAWgBQhNFLnGzYBNsZC+xdY2F0Pg3uSSTAMBggqhkjOPQQDBAUAA4GLADCBhwJCAJMOwAMF/5AO6Co+CNtweDC1+rc/jKWUCOF+qeksZU6tatshJ+MKQgrs1ICj+JigzeyL2L4+h4NCNbOvf8zxdSL/AkF8gO0JXUkzyvRNubX9w7PmQrXWTERGMwQyJj6MXeisnEhMBSKuM7gMOw0PjGwm5oWBlkXHyiltiRoJbV5BNQJlAA==-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 2,OU=DID 2,O=StrongKey",
                  "serialnumber": "2101309585",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS JWT Signer 3,OU=DID 2,O=StrongKey",
                  "serialnumber": "792215179",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }]
            },
            "samlcerts": {
               "default": [{
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 2,O=StrongKey",
                  "serialnumber": "1622897281",
                  "pemcert": "-----BEGIN CERTIFICATE-----MIIC5DCCAkOgAwIBAgIEYLtygTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDIxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwMzE5WhcNMjQwOTI1MTkwMzE5WjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAyMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi0y47N/ZumEGqd/X8utM4iwasEjmaXuJ9BsiqTAg3XLAjqADlwQPgkA5agmeaXM/LxKZhjrKLPbsAC21H/+r8EZqU/0c++joFf3xcGzrgNjUMDZZXw1neBRVDC2UQIpBemKnpTu5uXuSJtyy8hUZGkdy4YJ8DBBmnqSu3o/g8QkN9rDbP8Epxu22QCsAvCYBFtB7dCHn/F3tBOu7L20pLjC0fnq8D2yCi7u0A1SEW6a/wUv5DKZUKzhUoE0kgpRkcdKomfHO3KdQvTlRaNr6ms+JK80WykuDAPH0kltoYrb1Ps9hoIexM559Ll7jUV9mNA+ruAD+ik8eh9mP6ysFDAgMBAAGjUjBQMB0GA1UdDgQWBBQ15x7qOBJMXX1qXOvbJF5RAiBYQTAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUITRS5xs2ATbGQvsXWNhdD4N7kkkwDAYIKoZIzj0EAwQFAAOBjAAwgYgCQgHUd8g0F5EUsVoZknu+U0pnqp11FFyTVIY6Vm5ArFianibrxOyi9HOyEZJI0cJ6oHBdRGX9qfcEu+e7otqGgC0ifAJCAQCzfYLIx4zkJookUbIpGeoBy7NkvPhZcVx2d61t87nf9p28KTcbQFKfJ4V6NjLdsLPURJFIqv5SGV4EmXRdu1sJ-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 2,OU=DID 2,O=StrongKey",
                  "serialnumber": "545139680",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }, {
                  "subjectdn": "CN=SKFS SAML Signer 3,OU=DID 2,O=StrongKey",
                  "serialnumber": "1212647705",
                  "pemcert": "-----BEGIN CERTIFICATE-----MIIC4zCCAkOgAwIBAgIESEeJGTAMBggqhkjOPQQDBAUAMEsxEjAQBgNVBAoTCVN0cm9uZ0tleTEOMAwGA1UECxMFRElEIDIxJTAjBgNVBAMTHFN0cm9uZ0tleSBGSURPIFNlcnZlciBSb290Q0EwHhcNMjMwOTI2MTkwMzUxWhcNMjQwOTI1MTkwMzUxWjBBMRIwEAYDVQQKEwlTdHJvbmdLZXkxDjAMBgNVBAsTBURJRCAyMRswGQYDVQQDExJTS0ZTIFNBTUwgU2lnbmVyIDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGFSYbDoiQvgMFsNXnIKnSxB43/U2IK3qqi4IGsp6r3QKTqqmT+z7iuVy+XBGyALHgFC2YBsuv+JJAWSMmlRKLOyDjET3z8ePfo46Jj6b7Vye6GDEcHcCac9K0MrHbkK9EK3hL/uQWJ7CkZpbCnPN2MrETorJtK47/oorqGHKSSjCH4FesgJ7jPkZeYgG/9VRXETOee5ReY7UEGTqVwqgCOQW5eaEx5xvgC7wV0z4iZ5k422ur4WZbcWdBhkCzS054jv+KjQiAVAxmr2YeDZUFYprCF4QkiKtYtsqI6kZpb/keVZ0sKtEzhaY2/bMviKBA4Nv00PO3nbkGFdqInvr3AgMBAAGjUjBQMB0GA1UdDgQWBBT4djTWYP8RGACnUCqdF/xuvRmBlDAOBgNVHQ8BAf8EBAMCB4AwHwYDVR0jBBgwFoAUITRS5xs2ATbGQvsXWNhdD4N7kkkwDAYIKoZIzj0EAwQFAAOBiwAwgYcCQgCLUUiFfNiVEz6SM4qYCE7ZBX2LKJKoDVFYv6foYZJOEoHDroSVwbtmdxe4dqAHYQO0eTBIJC21e+QRnFNrLed/MwJBNzAVug6dZ11Mhjmq43JA1UrwKqJIdCOIJG933zyUnqoDuy1IYNSlcEMRLvqHW7Rnm7Yl1j9f3azFW809MPlqMoM=-----END CERTIFICATE-----"
               }],
               "citrixidp": {
                  "subjectdn": "CN=SKFS SAML Signer 1,OU=DID 2,O=StrongKey",
                  "serialnumber": "1622897281",
                  "pemcert": "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----"
               }
            }
         }
      }
   }
}

 

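To learn more about the SKFS FIDO Policy, check out the SKFS FIDO Policy JSON Schema. Validate any edited policy against that schema before deploying it. In the sample above, "startDate" has 10 digits and "endDate" has 13, so confirm which epoch unit (seconds or milliseconds) the server expects.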