Home Community Discussion Forums Most Active Software Boards LabVIEW Topic

LabVIEW

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authentication to Web Services by U2F

Authentication to Web Services by U2F

‎02-08-2015 11:11 AM

I am implementing a medical device trial using Web Services as the back end server. The client is written in Python and executes on a Raspberry Pi. It sends data to the server, gets an answer, and administers a drug to a patient based on the answer. This needs to be done in the presence of a coinvestigator, who will have specialized skills to assure patient safety and data integrity. I'd really like to assure that only coinvestigators can use the client, so second factor identification would seem mandatory. There are some inexpensive devices, such as the FIDO U2F Security Key, that seem to fit the bill. I already know how to use the Web Services API Key, but this seems significantly less secure than U2F, as the secretID is embedded in the code. What would be really nice would be a way to use U2F as an alternate authentication scheme for Web Services. Ideally, baked in by NI.

 

Thoughts?

 

View All (3)
0 Kudos
Message 1 of 5
(3,251 Views)
Reply

Re: Authentication to Web Services by U2F

‎02-09-2015 04:54 PM

I believe you want to use a 2-Factor for Authorization to a Web Service / REST API that uses OAuth and/or Client Secrets. FIDO U2F and FIDO UAF are specifically designed for Authentication. They do not address the API Authorization piece. 

0 Kudos
Message 2 of 5
(3,206 Views)
Reply

Re: Authentication to Web Services by U2F

‎02-09-2015 05:47 PM

I'm open to suggestions. My only requirement is that only someone who has the hardware key can access the server. Apologies for poor choice of jargon; "I'm a doctor, Jim, not an English professor!" 

0 Kudos
Message 3 of 5
(3,199 Views)
Reply

Re: Authentication to Web Services by U2F

‎02-09-2015 09:02 PM

I haven't seen any Web Service / REST API that implements 2-Factor for API authorization. Not to say that it is not possible, but something like this would be very customized and the client app would have to properly designed with proper security controls. 

0 Kudos
Message 4 of 5
(3,185 Views)
Reply

Re: Authentication to Web Services by U2F

‎02-18-2015 09:56 AM - last edited on ‎01-12-2025 05:15 PM by Member

Hi jemandel,

 I am not very sure what you mean. I do not understand very well if you want to change your Python program to a LabVIEW program that uses Web Services or if you are looking into hardware that can work for this application.

LabVIEW have features that can help you. You might be able to find information on the following links:

https://knowledge.ni.com/KnowledgeArticleDetails?id=kA00Z0000019LgPSAU&l=en-US

https://www.ni.com/docs/en-US/bundle/labview/page/configure-web-services-security-view.html

https://www.ni.com/docs/en-US/bundle/labview/page/tutorial-creating-and-publishing-a-labview-web-ser...

 

If you require hardware, my recommendation is to look into www.ni.com/products.

Please let me know if I misunderstood your question.

 

Luis C.

National Instruments

0 Kudos
Message 5 of 5
(3,113 Views)
Reply