FIDO Authentication submits FIDO 2.0 web API to W3C
30 November 2015 10:37 GMT

The FIDO  (Fast IDentity Online) Alliance has submitted technical specifications required to define a standard Web-based API to the World Wide Web Consortium (W3C).

FIDO has given the W3C a set of three technical specifications required to define a standard Web-based API designed to increase FIDO's existing desktop, Chrome, Android and iOS reach to support other platforms.

The W3C is the international standards organization for the World Wide Web.

This FIDO-built Web API is intended to ensure standards-based strong authentication across all Web browsers and related Web platform infrastructure.

"FIDO specifications define a unified mechanism to use cryptographic credentials for unphishable authentication on the Web. The specifications enable a wide variety of user experiences and modalities," said Sampath Srinivas, vice president of FIDO Alliance. "We are very excited about today's announcement and what it means for the future of ubiquitous unphishable FIDO authentication on the Web."

W3C will now have change control of this API, with ongoing collaboration from FIDO Alliance member companies and other web ecosystem stakeholders. W3C is proposing a new Web Authentication Working Group to its membership. The FIDO Alliance will support the adoption of this W3C published Web API through the established FIDO Certification Program.

"The mission of the FIDO Alliance has always been stronger, simpler authentication: stronger to help protect data, and simpler to address the problems users face trying to create and remember multiple usernames and passwords. In order to achieve this mission, FIDO authentication needs to be available everywhere…on all the devices you use and with all of the apps & services you use," said FIDO Alliance president Dustin Ingalls. "With FIDO support in the browser and in the platform, it will be easier than ever for apps and services to take full advantage of FIDO authentication helping to free the world from passwords. Today's announcement showcases how the work we've been doing in FIDO 2.0, and the submissions we are making to W3C will help us meet our goal of enabling FIDO authentication everywhere."

FIDO's Web APIs highlight the Alliance's mission to submit mature technical specifications to recognized standards development organizations (SDOs) for formal standardization. The FIDO Alliance's W3C submission is the first time the Alliance has chosen to submit their specifications to an external SDO.

"Standardizing strong authentication in the Web Platform will help us to improve user and application security by moving beyond passwords. We thank FIDO Alliance members for bringing their work to W3C," said Wendy Seltzer, W3C Technology and Society Domain Lead.

The submission to W3C also supports the Alliance's goal to produce technical specifications that define an open, scalable, interoperable set of mechanisms that reduce the reliance on passwords to authenticate users, and to operate industry programs to help ensure successful worldwide adoption of the FIDO specifications.

"What we submitted to the W3C are the Web API components; the rest of the FIDO 2.0 work remains within the FIDO Alliance and is still in development," said Brett McDowell, executive director of the FIDO Alliance. "The FIDO Alliance's strategy has always hinged on the idea that every device you purchase will come with FIDO standards support built-in, just as we see today with standards like Bluetooth or Wi-Fi. The FIDO 2.0 work is very well aligned to that strategy, and we encourage OEMs to begin planning their device support for these capabilities."