FIDO and W3C Bring Authentication Specifications To The Web

FIDO and W3C Bring Authentication Specifications To The Web

Today in Tokyo, the FIDO Alliance announced that it has submitted to W3C (the World Wide Web Consortium) a set of three technical specifications aimed at defining a Web-based API to bring strong online authentication to all Web browsers and platforms.

Driving this move to further spread the FIDO specifications for strong online authentication is the organization’s growing ubiquity. Along with the announcement, FIDO stated that tens of millions of FIDO-based devices are now in use. Boasting almost 250 Alliance member organizations—including Google, PayPal, Microsoft, NTT DOCOMO, GitHub, DropBox and MasterCard—FIDO has certified 72 products. Submitting its specifications to W3C is FIDO’s way of keeping its momentum building into 2016 after a successful year.

“With FIDO support in the browser and in the platform, it will be easier than ever for apps and services to take full advantage of FIDO authentication helping to free the world from passwords,” said FIDO Alliance president Dustin Ingalls. “Today’s announcement showcases how the work we’ve been doing in FIDO 2.0, and the submissions we are making to W3C will help us meet our goal of enabling FIDO authentication everywhere.”

Having FIDO so prolifically built into Web platforms and browsers will be a major coup for the Alliance, which has long been aiming to kill online passwords with its specifications for stronger authentication. Brett McDowell, executive director of the FIDO Alliance, likens such availability to household name standards such as Bluetooth or WiFi, which are so widely accepted they are expected to be built into consumer tech.

“What we submitted to the W3C are the Web API components; the rest of the FIDO 2.0 work remains within the FIDO Alliance and is still in development,” said McDowell. “The FIDO Alliance’s strategy has always hinged on the idea that every device you purchase will come with FIDO standards support built-in, just as we see today with standards like Bluetooth or Wi-Fi. The FIDO 2.0 work is very well aligned to that strategy, and we encourage OEMs to begin planning their device support for these capabilities.”

The news isn’t just a big win for FIDO. W3C is enthusiastic about the partnership, and has proposed to its membership a new Web Authentication Working Group.

“Standardizing strong authentication in the Web Platform will help us to improve user and application security by moving beyond passwords,” said Wendy Seltzer, W3C Technology and Society Domain Lead. We thank FIDO Alliance members for bringing their work to W3C.”

FIDO’s partnership with W3C is in line with the Alliance’s previous expansion efforts through 2015. FIDO launched its government membership program to help foster adoption of its standards on national levels, invited major financial institutions to join its board, and became adopted by mobile network operator NTT Docomo in Japan. Recently FIDO even reached out to other industry orgs for support, launching its cooperation and liaison program.

November 20, 2015 – by Peter B. Counter