The FIDO Alliance Metadata Service (MDS) is a centralized repository of the Metadata Statement that is used by the relying parties to validate authenticator attestation and prove the genuineness of the device model. MDS also provides information about certification status of the authenticators, and found security issues. Organizations deploying FIDO Authentication are able to use this information to select specific certification levels as required for compliance, and work through the security notifications to ensure effective incident response.
The latest update to MDS (version 3.0) features an improved user interface and improved metadata publication time for vendors, and easier download of the metadata TOC blob for deploying organizations.If you are looking for Legacy MDS2 documentation, you can find it here: https://fidoalliance.org/metadata/legacy-mds2
Who should be using Metadata Service?
The metadata service provides organizations deploying FIDO Authentication with a centralized and trusted source of information about FIDO authenticators. MDS and attestations are especially helpful for deploying organizations in particular types of industries, including regulated industries (government, federal agencies, banking and healthcare organizations for example) and/or organizations handling sensitive data (media companies, R&D institutions, corporations, etc). These types of organizations should leverage MDS to verify that accepted authenticators meet certain criteria, such as FIDO L1, L2 and L3 certifications for compliance, as well as leverage security issue notifications to determine suitable responses.
An organization deploying FIDO and leveraging MDS should keep its metadata database up-to-date to ensure it has the latest information about new authenticators, including their certification status, and protect itself against vulnerabilities in trusted authenticators.
API
Authorization
Downloading the MDS3 BLOB does not require authorization
Obtaining BLOB
The latest BLOB can be downloaded from https://mds3.fidoalliance.org/
There is no need to download individual metadata anymore. The new MDS3 BLOB contains ALL metadata statements in one JSON file.
For our PKI We use GlobalSign. The root GS-R3 certificate can be found here: https://valid.r3.roots.globalsign.com/
FAQ
How often should I be fetching MDS3 blob?
We suggest downloading the BLOB once a month and then caching its content because the MDS data does not change often.
Do I need an access token?
No, you do not.
Do I need to register with MyMDS to get access to BLOB?
No, you do not.
Useful tools
Specifications:
- https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html
- https://fidoalliance.org/specs/mds/fido-metadata-statement-v3.0-ps-20210518.html
- https://jwt.io/ – Really useful service for JWT decoding and debugging
- https://www.base64decode.org/ – Decoding Base64 to UTF8
Legal
Please see the MDS Legal Terms.
For assistance on the FIDO Alliance Metadata Service, reach out to support@mymds.fidoalliance.org.