FIDO Alliance Metadata Service
The FIDO Alliance Metadata Service (MDS) is a centralized repository of Metadata Statements that relying parties use to validate authenticator attestation and prove the genuineness of the device model. MDS also provides information about the certification status of authenticators and any security issues found. Organizations deploying FIDO Authentication are able to use this information to select specific certification levels as required for compliance, and work through the security notifications to ensure effective incident response.
The latest update to MDS (version 3.0) features an improved user interface, improved metadata publication time for vendors, and easier download of the metadata TOC blob for deploying organizations. If you are looking for Legacy MDS2 documentation, you can find it here: https://fidoalliance.org/metadata/legacy-mds2
Who should be using Metadata Service?
The metadata service provides organizations deploying FIDO Authentication with a centralized and trusted source of information about FIDO authenticators. MDS and attestations are especially helpful for deploying organizations in particular types of industries, including regulated industries (government, federal agencies, banking and healthcare organizations for example) and/or organizations handling sensitive data (media companies, R&D institutions, corporations, etc). These types of organizations should leverage MDS to verify that accepted authenticators meet certain criteria, such as FIDO L1, L2 and L3 certifications for compliance, as well as leverage security issue notifications to determine suitable responses.
An organization deploying FIDO and leveraging MDS should keep its metadata database up-to-date to ensure it has the latest information about new authenticators, including their certification status, and protect itself against vulnerabilities in trusted authenticators.
MDS3 BLOB does not require authorization
The latest BLOB can be downloaded from https://mds.fidoalliance.org/
There is no need to download individual metadata anymore. The new MDS3 BLOB contains ALL metadata statements in one JSON.
For our PKI we use GlobalSign. The root GS-R3 certificate can be found here: https://valid.r3.roots.globalsign.com/
FIDO servers MUST check that the subject common name (CN) is set to mds.fidoalliance.org.
How often should I be fetching MDS3 blob?
We suggest downloading the blob once a month and then caching its content. MDS changes are made rarely, so there is no need to do that often.
Do I need an access token?
No, you do not.
Do I need to register with MyMDS to get access to BLOB?
No, you do not.
- https://jwt.io/ – Really useful service for JWT decoding and debugging
- https://www.base64decode.org/ – Decoding Base64 to UTF8
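As an added example (not FIDO Alliance code), the Python below decodes the payload of a BLOB, as the tools above do, and applies a minimum certification level and a security-issue check to each entry. The sample BLOB is constructed, the status strings come from the MDS3 AuthenticatorStatus enumeration, and blocking on any security-issue report is an assumed local policy; the signature, certificate chain and CN checks are assumed to be done separately before the payload is trusted.

```python
import base64, json
from datetime import date

# Status strings from the MDS3 AuthenticatorStatus enumeration.
CERT_LEVEL = {"FIDO_CERTIFIED": 1, "FIDO_CERTIFIED_L1": 1, "FIDO_CERTIFIED_L1plus": 1,
              "FIDO_CERTIFIED_L2": 2, "FIDO_CERTIFIED_L2plus": 2,
              "FIDO_CERTIFIED_L3": 3, "FIDO_CERTIFIED_L3plus": 3}
SECURITY_ISSUE = {"REVOKED", "USER_VERIFICATION_BYPASS", "ATTESTATION_KEY_COMPROMISE",
                  "USER_KEY_REMOTE_COMPROMISE", "USER_KEY_PHYSICAL_COMPROMISE"}

def decode_payload(blob_jwt):
    """Decode the payload segment only. This does NOT verify the signature:
    check the signature, certificate chain and CN before trusting the result."""
    parts = blob_jwt.split(".")
    if len(parts) != 3:
        raise ValueError("BLOB is not a three-part JWT")
    seg = parts[1]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def cache_is_stale(payload, today):
    """True once the BLOB's own nextUpdate date has been reached."""
    return today >= date.fromisoformat(payload["nextUpdate"])

def evaluate(entry, min_level):
    """Return (accepted, reason) under a conservative local policy (an assumption):
    any security-issue report blocks the model until it has been reviewed."""
    statuses = [r.get("status") for r in entry.get("statusReports", [])]
    issues = sorted(s for s in statuses if s in SECURITY_ISSUE)
    if issues:
        return False, "security issue reported: " + ", ".join(issues)
    level = max((CERT_LEVEL.get(s, 0) for s in statuses), default=0)
    if level < min_level:
        return False, f"certification level {level} below required {min_level}"
    return True, f"certified at level {level}"

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample payload (not real MDS data) in JWT shape with a dummy signature.
SAMPLE = {"no": 1, "nextUpdate": "2024-02-01", "entries": [
    {"aaguid": "00000000-0000-0000-0000-000000000001",
     "statusReports": [{"status": "FIDO_CERTIFIED_L2", "effectiveDate": "2023-05-01"}]},
    {"aaguid": "00000000-0000-0000-0000-000000000002",
     "statusReports": [{"status": "USER_VERIFICATION_BYPASS", "effectiveDate": "2023-09-01"},
                       {"status": "FIDO_CERTIFIED_L1", "effectiveDate": "2022-01-01"}]},
    {"aaguid": "00000000-0000-0000-0000-000000000003",
     "statusReports": [{"status": "NOT_FIDO_CERTIFIED", "effectiveDate": "2023-01-01"}]}]}
SAMPLE_JWT = ".".join([b64url({"typ": "JWT"}), b64url(SAMPLE), "c2ln"])
```

Entries without an `aaguid` (UAF and U2F models are keyed differently) pass through `evaluate` unchanged, since it only reads `statusReports`.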
New legal agreements will be published soon.
For assistance on the FIDO Alliance Metadata Service, reach out to [email protected].