Metadata Service

FIDO Alliance Metadata Service
The FIDO Alliance Metadata Service (MDS) is a web-based tool where FIDO UAF and U2F authenticator vendors can publish metadata statements for FIDO UAF and U2F servers to download. This provides organizations deploying FIDO UAF and U2F servers with a centralized and trusted source of information about FIDO UAF and U2F authenticators. The MDS service presently supports both FIDO UAF and U2F.

FIDO MDS Purpose
The universe of FIDO UAF and U2F authenticators is dynamic. Vendors are frequently releasing new authenticators or updating existing ones. In addition, vulnerabilities may be discovered in existing authenticators, requiring that their use be limited or phased out.

FIDO UAF and U2F servers can validate the integrity of a device population by periodically downloading a digitally signed metadata Table of Contents (TOC) file containing URLs used to verify individual metadata statements.

An organization deploying FIDO UAF and U2F should keep its metadata database up-to-date to ensure it has the latest information about new authenticators, including their certification status, and protect itself against vulnerabilities in trusted authenticators.

MDS Terms
You must read and agree to the Metadata Service Terms before accessing the following URLs.

URLs:

  1. For UAF Authenticator Vendors: To be able publish a metadata statement, a vendor must first get a Vendor ID issued by the Alliance. Once a vendor has a Vendor ID they are allowed to access a self-service web portal to publish and manage their metadata statements at https://mymds.fidoalliance.org
  2. For Relying Parties and FIDO Server vendors:
    1. The digitally signed metadata TOC document is published in Javascript Web Token (JWT) form at https://mds.fidoalliance.org
    2. To verify the digital signature of the TOC document, the root certificate from the FIDO alliance is available at https://mds.fidoalliance.org/Root.cer
    3. To validate the digital certificates used in the digital signature, the certificate revocation information is available in the form of CRLs at the following locations
      http://mds.fidoalliance.org/Root.crl
      http://mds.fidoalliance.org/CA-1.crl