FIDO Alliance

The FIDO ("Fast IDentity Online") Alliance is an open industry association launched in February 2013 whose stated mission is to develop and promote authentication standards that "help reduce the world’s over-reliance on passwords".[1] FIDO addresses the lack of interoperability among devices that use strong authentication and reduces the problems users face creating and remembering multiple usernames and passwords.

FIDO Alliance
FoundedFebruary 2013 (2013-02)
Headquarters
Mountain View, California
,
United States
Websitefidoalliance.org

Overview

FIDO supports a full range of authentication technologies, including biometrics such as fingerprint and iris scanners, voice and facial recognition, as well as existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB security tokens, embedded Secure Elements (eSE), smart cards, and near field communication (NFC).[2] The USB security token device may be used to authenticate using a simple password (e.g. four-digit PIN) or by pressing a button. The specifications emphasize a device-centric model. Authentication over the wire happens using public-key cryptography. The user's device registers the user to a server by registering a public key. To authenticate the user, the device signs a challenge from the server using the private key that it holds. The keys on the device are unlocked by a local user gesture such as a biometric or pressing a button.

FIDO provides two types of user experiences depending on which protocol is used.[2] Both protocols define a common interface at the client for whatever local authentication method the user exercises.

Specifications

The following open specifications may be obtained from the FIDO web site.[3]

  • Universal Authentication Framework (UAF)
    • UAF 1.0 Proposed Standard (December 8, 2014)
    • UAF 1.1 Proposed Standard (February 2, 2017)
    • UAF 1.2 Review Draft (November 28, 2017)
  • Universal 2nd Factor (U2F)
    • U2F 1.0 Proposed Standard (October 9, 2014)
    • U2F 1.2 Proposed Standard (July 11, 2017)
  • FIDO 2.0 (FIDO2, contributed to the W3C on November 12, 2015)[4]
    • FIDO 2.0 Proposed Standard (September 4, 2015)
The evolution of the FIDO2-WebAuthn family of protocol standards

The U2F 1.0 Proposed Standard (October 9, 2014) was the starting point for a short-lived specification known as the FIDO 2.0 Proposed Standard (September 4, 2015). The latter was formally submitted to the World Wide Web Consortium (W3C) on November 12, 2015.[5] Subsequently, the first Working Draft of the W3C Web Authentication (WebAuthn) standard was published on May 31, 2016. The WebAuthn standard has been revised numerous times since then, becoming a W3C Recommendation on March 4, 2019.

Meanwhile the U2F 1.2 Proposed Standard (July 11, 2017) became the starting point for the Client to Authenticator Protocol 2.0 Proposed Standard, which was published on September 27, 2017. FIDO CTAP 2.0 complements W3C WebAuthn, both of which are in scope for the FIDO2 Project.

Milestones
  • (2014-10-09) The U2F 1.0 Proposed Standard was released
  • (2014-12-08) The UAF 1.0 Proposed Standard was released[6][7]
  • (2015-06-30) The FIDO Alliance released two new protocols that support Bluetooth technology and near field communication (NFC) as transport protocols for U2F[8]
  • (2015-09-04) The FIDO 2.0 Proposed Standard was released
    • FIDO 2.0 Key Attestation Format
    • FIDO 2.0 Signature Format
    • FIDO 2.0 Web API for Accessing FIDO 2.0 Credentials
  • (2015-11-12) The FIDO Alliance submitted the FIDO 2.0 Proposed Standard to the World Wide Web Consortium (W3C)[5][9]
  • (2016-02-17) The W3C created the Web Authentication Working Group
  • (2017-02-02) The UAF 1.1 Proposed Standard was released
  • (2017-07-11) The U2F 1.2 Proposed Standard was released
  • (2017-09-27) The Client To Authenticator Protocol 2.0 Proposed Standard was released
  • (2017-11-28) The UAF 1.2 Review Draft was released
  • (2018-02-27) The Client To Authenticator Protocol 2.0 Implementation Draft was released
  • (2019–03) W3C’s Web Authentication (WebAuthn) recommendation – a core component of the FIDO Alliance’s FIDO2 set of specifications – became an official web standard, signaling a major step forward in making the web more secure and usable for users around the world. [10]

See also

References
  1. https://www.envzone.com/why-big-tech-is-striving-for-the-world-without-password/
  2. "Specifications Overview". FIDO Alliance. Retrieved 31 October 2014.
  3. "Download Specifications". FIDO Alliance. Retrieved 13 February 2019.
  4. "FIDO 2.0: Overview". fidoalliance.org. Retrieved 2021-01-21.
  5. "Submission Request to W3C: FIDO 2.0 Platform Specifications 1.0". World Wide Web Consortium (W3C). Retrieved 12 February 2019.
  6. "FIDO 1.0 Specifications Published and Final". FIDO Alliance. Retrieved 31 December 2014.
  7. "Computerworld, December 10, 2014: "Open authentication spec from FIDO Alliance moves beyond passwords"". Computerworld. Retrieved 10 December 2014.
  8. "eWeek, July 1, 2015: "FIDO Alliance Extends Two-Factor Security Standards to Bluetooth, NFC"". eWeek. Retrieved 1 July 2015.
  9. "W3C Member Submission 20 November 2015: FIDO 2.0: Web API for accessing FIDO 2.0 credentials". W3C. Retrieved March 14, 2016.
  10. https://fidoalliance.org/overview/history/
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.