The consensus in the security industry for some time has been that because of virtualization, the cloud, mobility and BYOD in the enterprise, authentication/identity is the new perimeter. Unfortunately, as a result of the explosion in vectors of vulnerability and the sophistication of those with malicious intent, as the headlines shout almost daily the barbarians are not at the gate but have figured out how to storm or get around them. It is why so much attention has been paid to stronger authentication technologies.
The FIDO Alliance (Fat Identity online Alliance), an open industry consortium delivering standards for simpler, stronger authentication, has been actively working the challenge of coming up with standards that make it easier for all of us to access what we need securely, and has announced a milestone with release of its first public review draft technology specifications.
Collaboratively developed by some for marquee info-tech companies in the world, the specs are designed to enable simpler, stronger authentication to scale in the market. FIDO standards address industry and consumer pain points by ensuring that users and online service providers have a variety of choices to select from when adopting simpler, stronger authentication alternatives to today's prevailing reliance on single-factor passwords.
A huge challenge
There is ample context for just how important this effort is. For example, as FIDO points out:
FIDO, in part in celebration of its first-year anniversary, says the release of its specifications, “Demonstrates momentum that attests to pent-up demand for simpler, stronger authentication that must scale, as only open industry standards can deliver.”
“It is with pride that the FIDO Alliance releases the review draft specifications to the public today, before our first anniversary of starting the long overdue revolution in authentication. Congratulations to our members for their insights, expertise, and tireless dedication to delivering better authentication that is more secure, private and easier-to-use than prevailing password schemas,” said FIDO Alliance president, Michael Barrett. “With today’s public release of the review draft specifications, we especially welcome and anticipate new types of members coming from various enterprises. Furthermore, we encourage Relying Parties to begin testing their unique FIDO authentication needs with the commercial solutions already available from many FIDO member companies.”
In addition to the release for review of the specifications, FIDO also revealed that its membership is approaching 100 strong, with Aetna, ARM, Dell, Discretix, IdentityX, Netflix, Next Biometrics, Oesterreichische Staatsdruckerei GmbH, Salesforce, SafeNet, Sonavation, STMicroelectronics (News - Alert), and Wave Systems being among the most recent companies to join as Sponsor members of the Alliance.
The specifications are device-centric
As FIDO explains, the new specifications emphasize a device-centric model that reflects the Alliance's dedication to usability, privacy and security. FIDO specifications will support a full range of authentication technologies, including:
They allow device-specific authentication capabilities to be leveraged by online services within an interoperable infrastructure, enabling authentication choice to meet the distinct needs of users and organizations. In addition, the FIDO specifications complement and add value to identity federation. It should also be noted that in conjunction with the specifications the FIDO Alliance also has published a reference whitepaper
If you are looking to kick the tires of FIDO Ready products, they will be on display at this month’s Mobile World Congress 2014 (MWC 2014), RSA Security (News - Alert) Conference and FIDO Public Forum Event in Palo Alto, California.
As I have noted in previous articles on the work being done by FIDO, the traction they have gotten is impressive. They have demonstrated an ability unlike many other industry groups to move fast. In an era where speed has become critical, especially when it comes to providing security, it is why they are an organization to keep a close watch on.