Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
FIDO CERTIFICATION PROGRAMBrett McDowell, Executive Director, FIDO Alliance
Hidehito Gomi, Senior Chief Researcher, Yahoo Japan! Research, Yahoo Japan Corporation
Deployments are enabled by FIDO Certified™ Productsavailable today
2
• Ensure interoperability between FIDO officially recognized implementations
Certification Goals
• Enable implementations to be identified as officially FIDO certified
• Promote the adoption of the FIDO ecosystem
4
ü Availabletoanyoneü Ensuresinteroperabilityü PromotestheFIDOecosystem
Stepstocertification:1. ConformanceSelf-Validation2. Interoperability Testing3. Certification Request4. Trademark License (optional)
fidoalliance.org/certification
Getting Ready
• Standards: UAF and U2F• UAF & U2F 1.0 implementations certified and
in market now• Strongly encourage servers to support
both UAF & U2F
• Prep note to UAF Authenticators• Get a Vendor ID• Register your metadata• Only required for UAF Authenticators!
Self-Conformance
• Goal: test implementations using online tools to ensure conformance with specifications• Both positive and negative testing• Check corner-cases that might occur only rarely in the real world
• Self-Conformance Validation Process• Request access to test tools• Review online help• Run tests – as many as you would like• Perform official test and submit results
• Next step: interop interoperability testing
• Pro tip:• UTHS – code development required• UTHS - Requires registration with gmail account: create one for your
team• UAF – partners required for generating messages
Interoperability Testing
• Goals: implementations work together, no problems in the “real world”• Separate events for UAF and U2F, same format• Interop Logistics
• Registration open ~4-6 weeks ahead of time• Registration closes 14 days ahead of event• Must pass self-conformance validation first• In-person attendance preferred, remote attendance if necessary
Interop Criteria
• What happens at interoperability event• Test with every other implementer at the event
(interoperability)• Perform normal, real-world actions: register,
authenticate, etc.• How to pass
• Show that each action with every other implementer works
• Should issues arise: adjust and retest• After passing interop: Certification registration
• Pro-tip:• Pre-testing is the key to success – don’t wait for the interop to start testing• Pre-testing opt-in available during registration and begins 14 days ahead
of event
Testing Matrix Example) UAF Interop Event on Apr. 30th, 2015
Server Client AuthenticatorYahoo Japan ETRI NTT DOCOMO
(Fujitsu)Yahoo Japan Nok Nok Labs QualCommYahoo Japan Egistec NTT DOCOMO
(Sharp)Yahoo Japan Samsung EgistecYahoo Japan Samsung SDS CrucialtecYahoo Japan Raonsecure Nok Nok Labs… … …
Real experiences:• Performed testing with other
participants who I met for the first time at the event.
• difficult to form a combination (with client and authenticator) smoothly.
• Co-worked together with participants to solve some problems we met.
Certification
• Requires passing the test tool and attending an interop
• Certificate will be granted ASAP, pending documentation verification; plan on 10 business days to be conservative
• All certifications will be public (on FIDO website) unless confidentiality is requested
Test is a good opportunity
Tips from real experiences:
1. Self-checking is very important. Validating your implementation on schema/protocol level is needed before in-person testing.
2. Interoperability testing is effective to demonstrate the conformance of your implementation to the specs.
3. Your certification is appealing all over the world.
Derivatives
• Same implementation, different product• Reasonable caveats apply: bug fixes, etc.
• Designed to lower cost and effort in FIDO certification• Hundreds of SKUs; not hundreds of interops• Lower registration fee for derivatives (next slide)
• Self-Validation and Interop not required• Uses “derivative test plan” instead• Must reference original certificate
Certification Fees
• Certification:• Member: $5,000• Non-Member: $6,500• Per certification
• Derivatives:• Member: $500• Non-Member: $750• Per Derivative
• Vendor ID : $3,000 (one-time)• Credited towards first
certification if used in first 12 months
• Interop: Free!• Test Tools: Free!
CERTIFICATION FEES OTHER FEES
Certification Mark Usage
• Authenticators / Clients• Execute Trademark Licensing Agreement (TMLA)
• Relying parties• “Clickless” license for logo usage• Enables millions of logo users without the logistical overhead
• One logo, two badges:
What to with your FIDO logos
• Put FIDO logos on your website
• Write a press release
• Put FIDO in your apps
• Put FIDO on your product briefs
• Put FIDO in your tradeshow booth
CERTIFICATION STATISTICS
17
By The Numbers:Number of Companies
11
40
FIDO
Re
ady
FIDO
Cer
tifie
d
By The Numbers:
Number of Implementations
5
2510
49FI
DO
Re
ady FI
DO
C
ertif
ied
FID
O C
ertif
ied
FID
O
Read
y
By The Numbers:
Implementation Types
0
5
10
15
20
25
30
35
ClientAuthenticatorServer
Call To Action
• Get certified now!• Get started with specifications at:
https://fidoalliance.org/specifications/download/• Register for Test Tool access:
http://fidoalliance.org/test-tool-access-request/• Next interops:
• UAF, December 9-10, NTT DOCOMO to host at: DOCOMO Innovations, Inc., 3240 Hillview Ave, Palo Alto, CA 94304
• U2F, December 8, Google to host at: 1300 Crittenden Ln, Mountain View, CA 94043
• Thank you to our generous interop hosts!• Registration open now: https://fidoalliance.org/interop-registration/
• Contact us for help and answers:[email protected]
FAQ
• Do I need a Vendor ID?• Only if you are a UAF Authenticator• U2F implementers and UAF Servers / Clients do not require a Vendor ID
• Where do I find the form for…?• https://fidoalliance.org/certification/
• What is the cost for…?• Test Tools: free (non-member access: $3,000)• Interop Events: free• Certification: $5,000 member, $6,500 non-member• Derivative Certification: $500 member, $750 non-member• Trademark License Agreement: free
• Where do I start?• Register for test tool access here:
https://fidoalliance.org/test-tool-access-request/