Specifications Overview

Specification development is a core element of FIDO Alliance’s mission to reduce the world’s reliance on passwords.  Through its technical working groups, the FIDO Alliance publishes specifications in two areas: user authentication and secure device onboarding.  FIDO Alliance also submits mature technical specification(s) to recognized standards development organization(s) for formal standardization.

User Authentication Specifications

The FIDO Alliance has published three sets of specifications for simpler, stronger user authentication: FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF) and the Client to Authenticator Protocols (CTAP). CTAP is complementary to the W3C’s Web Authentication (WebAuthn) specification; together, they are known as FIDO2. 

FIDO standards use standard public key cryptography techniques to provide phishing-resistant authentication with cryptographic key pairs called passkeys. FIDO is designed from the ground up to protect user privacy and prevent phishing. Every passkey is unique and bound to the online service domain. The protocols do not provide information that can be used by different online services to collaborate and track a user across the services. Biometric information, if used, never leaves the user’s device.

Read the technical specifications on the specifications download page.

Device Onboarding Specifications

The FIDO Alliance’s FIDO Device Onboard specification is an automatic onboarding protocol for edge nodes and IoT devices.  The FDO protocol is a freely available standard that champions a ‘zero trust’ approach to enable devices to quickly and securely onboard to cloud and edge management platforms. 

Device onboarding is the process of installing secrets and configuration data into a device so that the device is able to connect and interact securely to cloud and edge management platforms. The platform is used by the device owner to manage the device by: patching security vulnerabilities; installing or updating software; retrieving sensor data; interacting with actuators; etc. FDO is an automatic onboarding mechanism, meaning that it is invoked autonomously and performs only limited, specific interactions with its environment to complete. FDO permits late binding of device credentials so that one manufactured device may be onboarded, without modification, to many different platforms.

Credential Exchange Specifications

FIDO Alliance’s credential exchange specifications define a standard format for transferring all types of credentials in a credential manager including passwords, passkeys and more in a manner that is secure by default.

Credential Exchange Format (Working Draft)

This document defines the data structures and format of credentials being securely passed or referenced between two applications during credential exchange. It is used in conjunction with the Credential Exchange Protocol.

HTML

Credential Exchange Protocol (Working Draft)

This document defines a protocol to securely move one or more credentials between two credentials providing applications on the same or separate devices. It is used in conjunction with the Credential Exchange Format.

HTML