Seal (c) 2016 Image by Wolfgang Claussen from PixabayThe FIDO (Fast Identity Online) Alliance has launched a new certification. Called the FIDO Device Onboard (FDO) certification, its goal is to ensure that FIDO devices, that claim to conform to the FDO standard, will interoperate as expected.

The FDO standard was launched last year and vendors have been building devices to that standard. Therefore, it might seem a bit late to be creating a certification programme. However, there is a need to prove to organisations that when they select FIDO devices from multiple vendors, those devices can be trusted to work together.

Andrew Shikiar, Executive Director and CMO of the FIDO Alliance,
Andrew Shikiar, Executive Director and CMO of the FIDO Alliance,

Andrew Shikiar, Executive Director and CMO of the FIDO Alliance, said, “Edge nodes and IoT devices are bringing transformative benefits to a whole range of industries but overcoming the security risks that exist today is critical to enable more organizations to take the leap.

“The appetite we’ve seen for the FIDO Device Onboard (FDO) standard since we launched last year is a testament to how urgent the business need is to secure the edge in a way that’s quick and cost-effective. Launching the certification program marks another step towards fostering trust in the edge and IoT space and taking mass deployments to the next level.” 

What is this aimed at?

The FDO Certification is aimed at edge and IoT device vendors. It wants to prove that when they claim a device meets the FDO specifications, it can be trusted to do so. Having such a certification not only works for customers, it also works for those device vendors. No customer wants a device that doesn’t interoperate despite claiming to be standards ready.

The press release calls out Dell Technologies, IBM, Intel, Red Hat and VinCSS as vendors already including the FDO specification in products and services. All have pledged their support for the new certification and have agreed to have their products tested against it.

The FDO protocol is a freely available standard. It is designed to champion a zero-trust approach enabling devices to securely onboard to cloud and edge management platforms. As the number of devices that need to be managed by said platforms continues to soar, so does the need for a trusted protocol to allow them to connect.

For critical infrastructure operators such as telco’s, utility companies, fuel pipeline providers, this is an important option. They often have equipment in remote locations where secure onboarding can be a challenge. Yet they constantly need to add and replace equipment to keep their environments safe and secure. The FDO protocol is seen as one solution to their problems.

When will certification begin?

According to the press release: “FDO Certification, testing for which will take place in early October provides conformance and interop testing, a security risk analysis, and assurance that a company’s device meets FDO Specification and Security and Privacy Requirements.”

It goes on to add, “Companies interested in taking part in the FDO Certification interop test can register for free and get more information here.”

What is not clear is whether this will be a wholly independent testing process or just a set of vendor interop labs. Will the tests only be curated and delivered by the FIDO Alliance? Will it engage an accredited third-party that can scale to the required degree of testing? Can we expect to see a list of products that have achieved certification? The latter is something buyers will want to see.

Enterprise Times: What does this mean?

Standards interoperability testing and certification is essential. Without it, vendors will push the boundaries of what they choose to support and create a nightmare of interoperability issues for customers. This is a scenario that has played out again and again over the last few decades.

That the FIDO Alliance has finally released the FDO Certification programme is to be welcomed. However, it is hard to see this as being anything but a late arrival. There is no reason why it couldn’t have put this in place when it launched the FDO Standard last year. The delay runs the risk of their being products that meet the specifications but not as tightly as is required to be openly interoperable with products from any vendor.

Where this will have a significant benefit, is in helping to prevent a surge of low-cost, poorly engineered and coded devices hitting the market going forward. However, that will only happen if there is a publicly available and trusted list of products that have met the certification testing. Without that, customers are being asked to take on trust claims by vendors with the inevitable problem of having to debug problems themselves.

LEAVE A REPLY

Please enter your comment!
Please enter your name here