FIDO Alliance broadens scope with new digital credentials work, deployments

The FIDO Alliance is leveling up. Several announcements show the passwordless-focused organization evolving, as it expands beyond its initial push for passkeys to engage with the wider identity ecosystem.

After dropping hints on the Biometric Update Podcast, the FIDO Alliance today announced the launch of a new digital credentials initiative, to be carried out by a new Digital Credentials Working Group (DCWG). The company’s announcement calls it an expansion of the FIDO Alliance’s mission to accelerate the adoption of verifiable digital credentials and identity wallets. Work will focus on three foundational workstreams: wallet certification, specification development and usability and relying party enablement.

The digital credentials pivot will be among the projects on the agenda at the newly announced Authenticate APAC 2026 event in Singapore next year, billed as “the first time the industry’s only conference dedicated to digital identity and phishing-resistant authentication will be held in the Asia-Pacific region.” Also on the bill are a new metadata service, a new deployment in the Japanese mobile banking sector, and a new adaptable FIDO authentication product from Fingerprint Cards.

Updated metadata service gives RPs new ways to verify authenticator compliance

The FIDO Alliance has updated its FIDO Metadata Service (MDS), which helps ensure organizations have the information necessary to successfully validate authenticators. In a blog, the organization says that “to support the continued evolution of the FIDO ecosystem, we have released an update to the MDS that provides new tools for relying parties (RPs) to verify authenticator compliance, improve interoperability and life cycle management, while enhancing the user experience.”

Specific updates include enforcement of a standardized security policy, so relying parties can “ensure the correct level of FIPS compliance by verifying that authenticators meet their exact security criteria before granting access.” Streamlined cross-provider integration means RPs can “dynamically discover and retrieve detailed information about the passkey provider’s Credential Exchange (CX) definitions.” There is a new “retired” authenticator status value, to “accurately reflect MDS entries that are no longer actively supported or recommended for use.

The MDS version check “cuts processing times by introducing localCopySerial, a new parameter that can be specified to only return metadata if a new version of the MDS BLOB is available.”

FIDO has also launched a new Convenience Metadata Service, which simplifies UX for passkeys so it’s consistent across platforms. “This includes standardized, user-friendly names for passkey providers, and high-quality logos for RPs to use in user interfaces and presentation layers.”

Both the updated FIDO MDS and the new Convenience Metadata Service are now live.

Japanese banks look to FIDO as regulations shift

A FIDO member company has a new deployment in Japan, where Sumitomo Mitsui Trust Bank (SuMiTB) has selected OneSpan to enhance mobile banking security. GlobalData says the move introduces OneSpan’s cloud-based FIDO authentication product to the Japanese mobile banking sector, following on-premises deployments in the country.

OneSpan CEO Victor Limongelli says his firm’s selection “not only underscores OneSpan’s leadership and credibility in Japan’s rapidly evolving FIDO market but also demonstrates our ability to deliver enterprise-scale, phishing-resistant authentication that meets the highest regulatory standards.”

SuMiTB plans to extend FIDO’s use to mobile banking transactions in part to address losses of hundreds of millions of yen from phishing-related fraud and account takeover, and in part to align with evolving regulations from Japan’s Financial Services Agency (FSA), which has proposed requiring financial institutions to use phishing-resistant authentication methods.

Authenticate APAC brings conference to Asia for first time

The Authenticate APAC 2026 event will run from June 4-5, 2026 in Singapore. The FIDO Association intends for it to serve as a “regional hub for education, collaboration and innovation,” as the region gains influence on the cybersecurity landscape and momentum on government digital identity initiatives and commercial passkey deployments.

“The FIDO Authenticate conference has become the defining event for the authentication community, and we are proud to extend this platform to the Asia-Pacific region,” says Andrew Shikiar, CEO of the FIDO Alliance. “There is tremendous innovation happening across APAC, and this event will provide a dedicated space for local and global leaders to collaborate and help build the future of a secure, user-friendly and interoperable internet.”

Article Topics

Authenticate Conference  |  biometrics  |  FIDO Alliance  |  passkeys  |  passwordless authentication