November 24, 2015 -
The FIDO (Fast IDentity Online) Alliance announced it has submitted the FIDO 2.0 platform enablement components to World Wide Web Consortium (W3C), which marks the first time the Alliance has submitted their specifications to an outside standards developing organization.
The components comprise of three technical specifications required to define a standard web-based API intended to increase FIDO’s existing desktop, Chrome, Android and iOS reach to support other platforms.
Developed by FIDO, the web API is designed to ensure standards-based strong authentication across all browsers and related web platform infrastructure.
“FIDO specifications define a unified mechanism to use cryptographic credentials for unphishable authentication on the web,” said Sampath Srinivas, vice president of FIDO Alliance. “The specifications enable a wide variety of user experiences and modalities. We are very excited about today’s announcement and what it means for the future of ubiquitous unphishable FIDO authentication on the web.”
W3C will now have change control of this API, with FIDO Alliance member companies and other web ecosystem stakeholders continuing to collaborate with the organization.
In support of this, W3C is proposing a new web authentication working group to its membership.
Meanwhile, the FIDO Alliance will support the adoption of the W3C published Web API through its FIDO Certification Program.
FIDO’s web APIs highlight the Alliance’s mission to submit mature technical specifications to recognized standards development organizations (SDOs) for formal standardization.
“Standardizing strong authentication in the web platform will help us to improve user and application security by moving beyond passwords,” said Wendy Seltzer, W3C Technology and Society Domain Lead. “We thank FIDO Alliance members for bringing their work to W3C.”
The submission to W3C also supports FIDO’s ongoing goal to create technical specifications that define an open, scalable, interoperable set of mechanisms that decrease the use of passwords to authenticate users, and to operate industry programs to help ensure worldwide adoption of FIDO specifications.
FIDO Alliance founding member Nok Nok Labs released a statement regarding the submission, which it said “paves the way for web browser and operating system platforms to support essential components of the FIDO vision.”
“Nok Nok Labs intends to provide a bridge from the FIDO UAF 1.x protocol in production today to the upcoming FIDO 2.0 specification,” Nok Nok Labs said in a statement. “The Nok Nok S3 Authentication Suite supports the FIDO UAF 1.x protocol and Nok Nok Labs will continue to provide forward compatibility to future FIDO protocols that will eventually emerge from the standards process. Organizations can deploy the Nok Nok S3 Authentication Suite today with the confidence that it will embrace future iterations of the FIDO protocol as they emerge over the coming years.”