LANGUAGE

FIDO Alliance Metadata Service

The FIDO Alliance Metadata Service (MDS) is a centralized repository of the Metadata Statement that is used by the relying parties to validate authenticator attestation and prove the genuineness of the device model. MDS also provides information about certification status of the authenticators, and found security issues. Organizations deploying FIDO Authentication are able to use this information to select specific certification levels as required for compliance, and work through the security notifications to ensure effective incident response.

The latest update to MDS (version 3.0) features an improved user interface and improved metadata publication time for vendors, and easier download of the metadata TOC blob for deploying organizations.If you are looking for Legacy MDS2 documentation, you can find it here: https://fidoalliance.org/metadata/legacy-mds2

Who should be using Metadata Service?

The metadata service provides organizations deploying FIDO Authentication with a centralized and trusted source of information about FIDO authenticators. MDS and attestations are especially helpful for deploying organizations in particular types of industries, including regulated industries (government, federal agencies, banking and healthcare organizations for example) and/or organizations handling sensitive data (media companies, R&D institutions, corporations, etc). These types of organizations should leverage MDS to verify that accepted authenticators meet certain criteria, such as FIDO L1, L2 and L3 certifications for compliance, as well as leverage security issue notifications  to determine suitable responses.

An organization deploying FIDO and leveraging MDS should keep its metadata database up-to-date to ensure it has the latest information about new authenticators, including their certification status, and protect itself against vulnerabilities in trusted authenticators.

API

Authorization

MDS3 BLOB does not require authorization

Obtaining BLOB

Latest BLOB can be downloaded from https://mds.fidoalliance.org/

There is no need to download individual metadata anymore. New MDS3 BLOB contains ALL metadata statements in one JSON.

For our PKI We use GlobalSign. The root GS-R3 certificate can be found here: https://valid.r3.roots.globalsign.com/

FIDO servers MUST check that subject common name(CN) is set to mds.fidoalliance.org.

FAQ

How often should I be fetching MDS3 blob?
We suggest downloading blob once a month, and then cache it’s content. MDS changes done rarely, and so there is no need to do that often.

Do I need an access token?
No, you do not.

Do I need to register with MyMDS to get access to BLOB?
No, you do not.

Useful tools

Legal

New legal agreements will be soon published.

For assistance on the FIDO Alliance Metadata Service, reach out to [email protected]

Download Authn Specs
Sign up for updates!Get news from FIDO Alliance in your inbox.

By submitting this form, you are consenting to receive communications from: FIDO Alliance, 3855 SW 153rd Drive, Beaverton, OR 97003, US, http://www.fidoalliance.org. You can revoke your consent to receive emails at any time by using the unsubscribe link found at the bottom of every email.