What are the new Legal Terms? As you may know the biggest change in MDS 2.0 is the introduction of new legal terms for both Authenticator vendors and consumers of Metadata (Relying Parties). The MDS 2.0 Legal terms can be viewed at the URLs listed below: Publisher Terms for Authenticator vendors who publish metadata: https://mymds2.fidoalliance.org/eula [Japanese (日本の) version (for reading/reference purposes only)] Usage Terms for Relying parties or anyone who wishes to access metadata: https://mds2.fidoalliance.org/tokens/legalese?v=1.0 [Japanese (日本の) version (for reading/reference purposes only)] Can I view the original legal terms? Yes, you can view the original Metadata Service legal terms here. How do I get an access token? To retrieve metadata or TOC (Table of Contents for all metadata statements) you will have to first register to get a MDS Access Token. To do this visit: https://mds2.fidoalliance.org/tokens/ How do I retrieve the TOC file from MDS2? Once you have an issued Access Token, you can get to the Metadata TOC by using the URL below after you substitute in the URL below with your access token string. https://mds2.fidoalliance.org/?token=your-access-token-string Example (this does not use a valid token): https://mds2.fidoalliance.org/?token=6d6b44d78b09fed0c5559e34c71db291d0d322d4d4de0000 This will download a TOC file in an encoded JWT format (not human-readable). How do I view a readable TOC file?
Frequently Asked Questions
- Visit JWT decoding web site: https://jwt.io
- Click on Debugger at the top (or scroll down)
- On the Debugger page, in the Encoded box on the left side: Replace all existing text with the encode string in the toc.jwt file.
- The root certificate from the FIDO Alliance is available at https://mds.fidoalliance.org/Root.cer
- To validate the digital certificates used in the digital signature, the certificate revocation information is available in the form of CRLs at the following locations