The Leading Identity Management Alliance Puts Its Specifications into a Free, Open Standards Process
The FIDO Alliance is the most important Identity Management (IdM) consortium in an industry that has seen many associations over many years. Comprising technology vendors, most SIM suppliers, solutions providers, household names in consumer devices, and e- commerce super-powers, the FIDO Alliance is developing protocols and standards to strongly authenticate users and personal devices online. With a fresh focus and discipline in this traditionally complicated field, FIDO envisions itself doing for authentication what Ethernet did for networking. Launched less than three years ago, the FIDO Alliance has now grown to over 230 members. Included are technology heavyweights like Google, Intel, Lenovo and Microsoft; almost every SIM and smartcard supplier; payments giants American Express, Discover, MasterCard, PayPal and Visa; global banks like Bank of America and ING; and e-commerce players like Alibaba and Netflix. The financial services industry is onboard through members like Aetna, E*trade, Goldman Sachs, JP Morgan Chase, and USAA. So FIDO has a breadth of participation across the “Relying Party” or technology buy-side that other identity technology associations can only dream of.
FIDO’s success comes in part from a radically clear mission: Take the smartphones and devices most of us are intimately connected to and use the built-in cryptography to authenticate users to services. A registered FIDO-compliant device, when activated by its user, can send verified details about the device and the user to service providers, via standardized protocols. FIDO leverages the ubiquity of sophisticated handsets and the tidal wave of smart things. The Alliance focuses on device-level protocols without venturing to change the way user accounts are managed or shared. This sets FIDO well apart from the Federated Identity movement which to date has tried to address the password problem by sharing credentials, which generally confounds established risk management and business processes.
In a major step forward for FIDO’s influence in cyber security, the Alliance has now submitted specifications to the World Wide Web Consortium (W3C) standardization process. Thus, FIDO has made good on its longstanding promise to steadily evolve from proprietary protocols to free and open standards for authentication in such a way that rewards early adopters while shifting the whole ecosystem without fear or favor over time.
With its focus, pragmatism and membership breadth, FIDO is today’s go-to authentication standards effort. Constellation follows the FIDO Alliance closely and produces a series of regular reports. This update looks at the continuing expansion of the Alliance, especially into government and payments, the growing certification program, and the impact on the industry of standardizing IdM protocols through the W3C.
This report is the latest update to Constellation’s continuous coverage of the FIDO Alliance. Constellation produces a series of reports on the FIDO Alliance, with two updates per year. Each new report retains sufficient background so newcomers can quickly get up to speed with the Alliance, its objectives and its work, and presents our analysis of the most significant developments in use cases, applications and membership. The earlier reports were:
FIDO Alliance Update: On Track to a Standard, April 14, 2015
FIDO Alliance Update: Identity Management Implications for a World of Digital
Business, August 29, 2014
Update on the FIDO Alliance, February 25, 2014