Announcing the New Streamlined and Simplified Metadata Service for Authenticator Vendors and Customers

By Rae Rivera, Ph.D., Director of Certification, FIDO Alliance

The FIDO Alliance today  introduced a significant update to its Metadata Service (MDS). The service provides information about the certification status of authenticators, authenticator capabilities, and any known security issues. The FIDO MDS provides organizations deploying FIDO servers with a centralized and trusted source of information about FIDO authenticators. 

MDS is a web-based repository where vendors can publish metadata about their certified FIDO authenticators. Relying parties use this information  to validate authenticator attestation and prove the authenticity of the device model. 

With over 100 authenticator products on the market today, and demand for strong authentication on the rise, the need for an easy-to-use repository to load and view FIDO Certified authenticators has grown in importance. 

Just last week, the Biden administration mandated multi-factor authentication for all government agencies to thwart phishing attempts and protect against account takeover.  Governments and other regulated industries such as banking and healthcare especially need to know that authenticators being used to access their systems are genuine and meet certain requirements, including FIDO Certification status, compliance and other organizational requirements. The new features in the FIDO MDS allow organizations to more quickly and easily verify the attributes of the FIDO Authenticators being used to log in to their web services and applications. 

Today’s news is significant in several areas:

1. The new MDS has a more efficient and effective user interface that greatly simplifies the uploading and publishing of metadata. 
2. There is a simplified API for relying parties to download metadata.
3. Metadata updates are now available daily instead of monthly, which ensures relying parties have access to the most up-to-date information.
4. The new MDS data format is now a single JSON structure, making it more compatible with standard web development tools. The new MDS format uses human-readable strings instead of numerical values, making it easier to read and understand.
5. The MDS data is now linked to the FIDO Certification program, which will ensure the reliability of the validity of metadata of FIDO Certified products. 
6. The service now uses cloud caching to provide high availability and download performance. 

For more information visit https://fidoalliance.org/metadata/.