Fido Certification Program Process

FIDO CERTIFICATION PROGRAM. Brett McDowell, Executive Director, FIDO Alliance; Hidehito Gomi, Senior Chief Researcher, Yahoo Japan! Research, Yahoo Japan Corporation

Transcript of Fido Certification Program Process

Page 1: Fido Certification Program Process

FIDO CERTIFICATION PROGRAM

Brett McDowell, Executive Director, FIDO Alliance

Hidehito Gomi, Senior Chief Researcher, Yahoo Japan! Research, Yahoo Japan Corporation

Page 2: Fido Certification Program Process

Deployments are enabled by FIDO Certified™ Products available today

Page 3: Fido Certification Program Process

Certification Goals

• Ensure interoperability between FIDO officially recognized implementations
• Enable implementations to be identified as officially FIDO certified
• Promote the adoption of the FIDO ecosystem

Page 4: Fido Certification Program Process

✓ Available to anyone
✓ Ensures interoperability
✓ Promotes the FIDO ecosystem

Steps to certification:
1. Conformance Self-Validation
2. Interoperability Testing
3. Certification Request
4. Trademark License (optional)

fidoalliance.org/certification

Page 5: Fido Certification Program Process

Getting Ready

• Standards: UAF and U2F
  • UAF & U2F 1.0 implementations certified and in market now
  • Strongly encourage servers to support both UAF & U2F
• Prep note to UAF Authenticators
  • Get a Vendor ID
  • Register your metadata
  • Only required for UAF Authenticators!

Page 6: Fido Certification Program Process

Self-Conformance

• Goal: test implementations using online tools to ensure conformance with specifications
  • Both positive and negative testing
  • Check corner-cases that might occur only rarely in the real world
• Self-Conformance Validation Process
  • Request access to test tools
  • Review online help
  • Run tests – as many as you would like
  • Perform official test and submit results
• Next step: interoperability testing
• Pro tip:
  • UTHS – code development required
  • UTHS – requires registration with a Gmail account: create one for your team
  • UAF – partners required for generating messages

Page 7: Fido Certification Program Process

Interoperability Testing

• Goals: implementations work together, no problems in the “real world”
• Separate events for UAF and U2F, same format
• Interop Logistics
  • Registration open ~4-6 weeks ahead of time
  • Registration closes 14 days ahead of event
  • Must pass self-conformance validation first
  • In-person attendance preferred, remote attendance if necessary

Page 8: Fido Certification Program Process

Interop Criteria

• What happens at interoperability event
  • Test with every other implementer at the event (interoperability)
  • Perform normal, real-world actions: register, authenticate, etc.
• How to pass
  • Show that each action with every other implementer works
  • Should issues arise: adjust and retest
• After passing interop: Certification registration
• Pro-tip:
  • Pre-testing is the key to success – don’t wait for the interop to start testing
  • Pre-testing opt-in available during registration and begins 14 days ahead of event

Page 9: Fido Certification Program Process

Testing Matrix (Example): UAF Interop Event on Apr. 30th, 2015

| Server      | Client       | Authenticator        |
|-------------|--------------|----------------------|
| Yahoo Japan | ETRI         | NTT DOCOMO (Fujitsu) |
| Yahoo Japan | Nok Nok Labs | QualComm             |
| Yahoo Japan | Egistec      | NTT DOCOMO (Sharp)   |
| Yahoo Japan | Samsung      | Egistec              |
| Yahoo Japan | Samsung SDS  | Crucialtec           |
| Yahoo Japan | Raonsecure   | Nok Nok Labs         |
| …           | …            | …                    |

Real experiences:
• Performed testing with other participants who I met for the first time at the event.
• Difficult to form a combination (with client and authenticator) smoothly.
• Co-worked together with participants to solve some problems we met.

Page 10: Fido Certification Program Process

Certification

• Requires passing the test tool and attending an interop

• Certificate will be granted ASAP, pending documentation verification; plan on 10 business days to be conservative

• All certifications will be public (on FIDO website) unless confidentiality is requested

Page 11: Fido Certification Program Process

Test is a good opportunity

Tips from real experiences:

1. Self-checking is very important. Validating your implementation on schema/protocol level is needed before in-person testing.

2. Interoperability testing is effective to demonstrate the conformance of your implementation to the specs.

3. Your certification is appealing all over the world.

Page 12: Fido Certification Program Process

Derivatives

• Same implementation, different product
  • Reasonable caveats apply: bug fixes, etc.
• Designed to lower cost and effort in FIDO certification
  • Hundreds of SKUs; not hundreds of interops
  • Lower registration fee for derivatives (next slide)
• Self-Validation and Interop not required
  • Uses “derivative test plan” instead
  • Must reference original certificate

Page 13: Fido Certification Program Process

Certification Fees

CERTIFICATION FEES

• Certification:
  • Member: $5,000
  • Non-Member: $6,500
  • Per certification
• Derivatives:
  • Member: $500
  • Non-Member: $750
  • Per Derivative

OTHER FEES

• Vendor ID: $3,000 (one-time)
  • Credited towards first certification if used in first 12 months
• Interop: Free!
• Test Tools: Free!

Page 14: Fido Certification Program Process

Certification Mark Usage

• Authenticators / Clients
  • Execute Trademark Licensing Agreement (TMLA)
• Relying parties
  • “Clickless” license for logo usage
  • Enables millions of logo users without the logistical overhead
• One logo, two badges:

Page 15: Fido Certification Program Process

What to do with your FIDO logos

• Put FIDO logos on your website

• Write a press release

• Put FIDO in your apps

• Put FIDO on your product briefs

• Put FIDO in your tradeshow booth

Page 16: Fido Certification Program Process

CERTIFICATION STATISTICS

Page 17: Fido Certification Program Process


Page 18: Fido Certification Program Process

By The Numbers: Number of Companies

[Chart; categories: FIDO Ready, FIDO Certified; data labels as extracted: 11, 40]

Page 19: Fido Certification Program Process

By The Numbers: Number of Implementations

[Chart; categories: FIDO Ready, FIDO Certified; data labels as extracted: 5, 2510, 49]

Page 20: Fido Certification Program Process

By The Numbers: Implementation Types

[Bar chart; categories: Client, Authenticator, Server; axis range 0 to 35]

Page 21: Fido Certification Program Process

Call To Action

• Get certified now!
• Get started with specifications at: https://fidoalliance.org/specifications/download/
• Register for Test Tool access: http://fidoalliance.org/test-tool-access-request/
• Next interops:
  • UAF, December 9-10, NTT DOCOMO to host at: DOCOMO Innovations, Inc., 3240 Hillview Ave, Palo Alto, CA 94304
  • U2F, December 8, Google to host at: 1300 Crittenden Ln, Mountain View, CA 94043
• Thank you to our generous interop hosts!
• Registration open now: https://fidoalliance.org/interop-registration/
• Contact us for help and answers: [email protected]

Page 22: Fido Certification Program Process

FAQ

• Do I need a Vendor ID?
  • Only if you are a UAF Authenticator
  • U2F implementers and UAF Servers / Clients do not require a Vendor ID
• Where do I find the form for…?
  • https://fidoalliance.org/certification/
• What is the cost for…?
  • Test Tools: free (non-member access: $3,000)
  • Interop Events: free
  • Certification: $5,000 member, $6,500 non-member
  • Derivative Certification: $500 member, $750 non-member
  • Trademark License Agreement: free
• Where do I start?
  • Register for test tool access here: https://fidoalliance.org/test-tool-access-request/