We’re excited to announce updates to the FIDO Metadata Service (MDS), which helps ensure organizations have the information necessary to successfully validate authenticators. As organizations deploy passkeys and FIDO authentication, it is critical to validate trusted, certified authenticators.
This is especially useful to deploying organizations in regulated industries and organizations handling sensitive data. These organizations can use MDS to verify that accepted authenticators meet certain criteria, such as FIDO L1, L2 and L3 certifications for compliance, as well as leverage security issue notifications to determine suitable responses.
To support the continued evolution of the FIDO ecosystem, we have released an update to the MDS that provides new tools for relying parties (RPs) to verify authenticator compliance, improve interoperability and life cycle management, while enhancing the user experience. This includes several substantial enhancements to the existing service:
- Standardized Security Policy Enforcement: RPs can now ensure the correct level of FIPS compliance by verifying that authenticators meet their exact security criteria before granting access.
- Streamlined Cross-Provider Integration: RPs can dynamically discover and retrieve detailed information about the passkey provider’s Credential Exchange (CX) definitions, streamlining the process of cross-provider communication and setup.
- Authenticator Lifecycle Management: The addition of a new “retired” authenticator status value to accurately reflect MDS entries that are no longer actively supported or recommended for use. This status will help RPs maintain secure and up-to-date deployment strategies by clearly flagging deprecated metadata.
- MDS Version Check: Cuts processing times by introducing localCopySerial, a new parameter that can be specified to only return metadata if a new version of the MDS BLOB is available.
In addition to these MDS updates, the FIDO Alliance also launched a new Convenience Metadata Service. This enables RPs to offer a consistent user experience so that end-users see the same presentation of their passkeys, no matter which service or platform they’re using, to simplify the process of selecting and managing their credentials. This includes standardized, user-friendly names for passkey providers, and high-quality logos for RPs to use in user interfaces and presentation layers.
The updated FIDO MDS and the new Convenience Metadata Service are now live. For more information, visit https://fidoalliance.org/metadata/. For technical questions, implementation guidance, or inquiries regarding the new MDS versions or the Convenience Metadata Service, please reach out to support@mymds.fidoalliance.org.
