As of May 2021, Metadata Service 2 (MDS2) has been deprecated and replaced with Metadata Service 3 (MDS3). To read more about MDS3, please visit https://fidoalliance.org/metadata. MDS2 will be fully operational for an additional 18 months, or until October 2022. It is highly encouraged to begin migrating to MDS3.
API
Authorization
MDS2 uses token authorization via GET request. If you previously had access to MDS2 but lost your token, please contact support@mymds.fidoalliance.org.
Obtaining TOC
The latest TOC can be downloaded from https://mds2.fidoalliance.org/?token=your-access-token-string. Replace “your-access-token-string” with your token.
Example (not a valid token): https://mds2.fidoalliance.org/?token=6d6b44d78ThisIsTestToken322d4d4de0000
To find out about the TOC structure and the rules for processing and validation of the MDS TOC, see the FIDO Metadata Service specification: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-service-v2.0-id-20180227.html
We use GlobalSign for our PKI, and the root GS-R3 certificate can be found here: https://valid.r3.roots.globalsign.com/
Obtaining individual Metadata files
The TOC will contain a list of entries that have a URL parameter. The URLs in the TOC corresponding to each authenticator will be of the format: https://mds2.fidoalliance.org/metadata/0042%230002. You then need to append your access token: https://mds2.fidoalliance.org/metadata/0042%230002/?token=your-access-token-string
Example (not a valid token): https://mds2.fidoalliance.org/metadata/0042%230002/?token=6d6b44d78ThisIsTestToken322d4d4de0000
The resulting metadata will be Base64URL encoded.
More on the rules for processing and validation of the MDS TOC can be found in the FIDO Metadata Service specification: https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-service-v2.0-id-20180227.html
To find out more about the legacy Metadata Statement format, see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-statement-v2.0-id-20180227.html
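Added example (not FIDO Alliance code): the retrieval steps above in Python, run offline on constructed sample data. It appends the token to a TOC entry URL, decodes the TOC JWT without verifying its signature, and checks a downloaded Base64URL body against the entry's hash before decoding it. Assumptions: the `hash` field is used as defined in the linked Metadata Service specification, SHA-256 is the hash (ES256-signed TOC), and all function names are illustrative.

```python
import base64
import hashlib
import json

def b64url_decode(data):
    """Decode Base64URL text whose '=' padding has been stripped."""
    data = data.strip()
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def with_token(entry_url, token):
    """Append the access token to a TOC entry URL; the '%23' is not re-encoded."""
    return entry_url.rstrip("/") + "/?token=" + token

def parse_toc(jwt_text):
    """Decode header and payload of the TOC JWT. The signature is NOT verified
    here; the specification requires validating it before trusting the entries."""
    parts = jwt_text.strip().split(".")
    if len(parts) != 3:
        raise ValueError("TOC is not a three-part compact JWT")
    header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    return header, payload

def load_statement(entry, body):
    """Check the Base64URL body against the entry's hash, then decode it.
    Assumption: SHA-256, matching an ES256 TOC signature."""
    digest = b64url_encode(hashlib.sha256(body.strip().encode("ascii")).digest())
    if digest != entry["hash"]:
        raise ValueError("metadata body does not match the hash in the TOC entry")
    return json.loads(b64url_decode(body))

# Constructed sample data (not real MDS2 content, not a real signature).
SAMPLE_BODY = b64url_encode(json.dumps({"aaid": "0042#0002", "description": "Sample"}).encode())
SAMPLE_ENTRY = {
    "aaid": "0042#0002",
    "url": "https://mds2.fidoalliance.org/metadata/0042%230002",
    "hash": b64url_encode(hashlib.sha256(SAMPLE_BODY.encode()).digest()),
}
SAMPLE_TOC = ".".join([
    b64url_encode(json.dumps({"alg": "ES256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"no": 1, "nextUpdate": "2021-06-01", "entries": [SAMPLE_ENTRY]}).encode()),
    b64url_encode(b"constructed-signature"),
])

if __name__ == "__main__":
    entry = parse_toc(SAMPLE_TOC)[1]["entries"][0]
    print(with_token(entry["url"], "your-access-token-string"))
    print(load_statement(entry, SAMPLE_BODY))
```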
Obtaining access token for MDS2
If your company has only recently implemented MDS2 support, and it is crucial for the company to have access to legacy MDS2, please email support@mymds.fidoalliance.org.
Be aware that MDS2 is deprecated and frozen. No new metadata will be added to MDS2. The service will be shut down in October 2022. As of April 2021, MDS3 is in Beta testing, and we will be releasing the specification at the end of May. Stay tuned.
Useful tools
- https://jwt.io/ – Really useful service for JWT decoding and debugging
- https://www.base64decode.org/ – Decoding Base64 to UTF8
- https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-statement-v2.0-id-20180227.html – Legacy Metadata Statement Format Specification
- https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-metadata-service-v2.0-id-20180227.html – Legacy Metadata Service Specification
Legal
- Authenticator Vendor Submission Terms can be found at https://fidoalliance.org/metadata/legacy-mds2/submission-terms
- The Japanese (日本の) version (for reading/reference purposes only) can be found at https://fidoalliance.org/メタデータ提出規約-(認証器ベンダー対象)/?lang=ja
- Usage Terms can be found at https://fidoalliance.org/metadata/legacy-mds2/usage-terms
- The Japanese (日本の) version (for reading/reference purposes only) can be found at https://fidoalliance.org/メタデータ利用規約-(依拠当事者またはサービス/?lang=ja