“Fast IDentity Online” Is the Go-To Standards Alliance in Protocols for Modern Identity Management
An update of the original "The FIDO Alliance" Quark
The FIDO Alliance – for Fast IDentity Online – is a fresh, fast growing consortium of security vendors and end users working out a new suite of protocols and standards to connect authentication endpoints to services. With an unusual degree of clarity in this field, FIDO envisages simply “doing for authentication what Ethernet did for networking”.
Launched in early 2013, the FIDO Alliance has already grown to nearly 100 members, amongst which are heavyweights like Google, Lenovo, MasterCard, Microsoft and PayPal as well as a couple of dozen biometrics vendors, many of the leading Identity and Access Management solutions and service providers and several global players in the smartcard supply chain.
FIDO is different. The typical hackneyed elevator pitch in Identity and Access Management (IDAM) promises to “fix the password crisis”1 – usually by changing the way business is done. Most IDAM initiatives unwittingly convert clear-cut technology problems into open- ended business transformation problems. In contrast, FIDO’s mission is refreshingly clear cut: it seeks to make strong authentication interoperable between devices and servers. When users have activated FIDO-compliant endpoints, reliable fine-grained information about their client environment becomes readily discoverable by any servers, which can then make access control decisions, each according to its own security policy.
With its focus, pragmatism and critical mass, FIDO is justifiably today’s go-to authentication industry standards effort. In this report, Constellation looks at what the FIDO Alliance has to offer vendors and end user communities and its likely critical success factors. While it’s early days and FIDO is tracking strongly, we offer some suggestions to strengthen its base in the short term.
In February 2014, the FIDO Alliance announced the release of its first two protocol drafts, and a clutch of new members including powerful players in financial services, the cloud and e-commerce.2 Constellation notes in particular the addition to the board of security leader RSA and another major payments card, Discover. And FIDO continues to strengthen its vital “Relying Party” (service provider) representation with the appearance of Aetna, Goldman Sachs, Netflix and Salesforce.com.