ATARC Derived FIDO2 Credentials (DFC) Lab

ATARC is a non-profit organization that provides a collaborative forum for Federal government, academia and industry to identify, discuss, and resolve emerging technology challenges.

ATARC’s Identity Management Working Group is currently requesting vendor demonstrations that show the feasibility of issuing a Derived FIDO2 Credential (DFC) and managing its lifecycle, based upon previous guidance for the issuance of X.509-based Derived PIV Credentials.

By leveraging this workflow, vendors will demonstrate how to assert organizational attestation of the FIDO2 hardware token, establish strong identity binding that ties a user’s existing PIV or CAC smartcard to the issuance of the DFC, and leverage attribute-based access control (ABAC) to provide attestation of the assurance level of the DFC during authentication. These controls are established practices that minimize the risk of impersonation and allow for managing which resources an End User can interact with while leveraging a DFC. Currently, no such guidance exists for the issuance and management of FIDO2 credentials, and enterprise use of these credentials has been limited for this reason.

The Working Group Leadership includes:

Ross Foard, Working Group Government Chair, CISA

Cheryl Jenkins, Working Group Government Vice Chair, GSA

Kelvin Brewer, Working Group Industry Co-Chair, ForgeRock

Bryan Rosensteel, Working Group Industry Co-Chair, Ping Identity

David Treece, Industry Co-Vice Chair, Yubico

Brian Dack, Industry Co-Vice Chair, Okta

Gurpreet Manes, Industry Co-Vice Chair, ImproveID

Please view the full Request for Demonstrations document by clicking on the button below, and submit your interest form here.

ATARC DFC Lab Participation Process

    • Initiate intake process by filling out the form below
    • Participate in a vendor kick-off call
    • Prepare a demonstration of up to 30 minutes (live demo, slide materials and/or video)
    • Vendor must demonstrate all three capabilities (DFC Issuance, DFC Lifecycle Management, and DFC Authentication). Multi-vendor collaboration is expected to accomplish this.
      • Only one vendor is required to register.

ATARC Derived FIDO2 Credentials Lab Intake Form

Read more in Section 6: Capabilities Demonstration, in the Request for Demonstrations