Conformance & certification to specific version of standard

103 views
Skip to first unread message

Roman Došek

unread,
Jun 23, 2021, 9:07:13 AM6/23/21
to FIDO Dev (fido-dev)
Hello,
I'm currently finishing development of FIDO2-conformant authenticator and we're looking to certify it in close future.
It already passes through everything inside 1.52 conformance tools. However, I'm interested in supporting features inside upcoming FIDO2.1 standard. What's the right approach? As far as I can as see, all of the mandatory features in upcoming standard are doable through firmware update. If I certify it according to FIDO2.0, do I need to certify(pay) it again for newer standard?
And what about metadata statements, are they updatable when the authenticator starts supporting more features?

Best regards,
Roman Došek

da...@fidoalliance.org

unread,
Jul 8, 2021, 6:28:04 PM7/8/21
to Roman Došek, FIDO Dev (fido-dev)

Hello Roman,

 

Updating an authenticator from CTAP 2.0 to 2.1 will require recertification as define here - https://fidoalliance.org/certification/certification-maintenance-and-updates/. This type of upgrade will require at least a Delta certification.

 

David

--

David Turner| FIDO Alliance | Director of Standards Development

T: +1.206.372.3496 

da...@fidoalliance.org | Skype: davidjamesturner | www.fidoalliance.org

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/fe03017e-3666-4d93-a095-cc8d1367ac74n%40fidoalliance.org.

John Bradley

unread,
Jul 8, 2021, 7:37:03 PM7/8/21
to Roman Došek, FIDO Dev (fido-dev)
As someone currently doing CTAP2.1 certification.  The change is big enough that we are doing a new certification from scratch and changing the AAGUID so it will have a new entry.  

Updating the MDS for minor changes is fine, but MDS3 contains the contents of getInfo so a CTAP2.0 and CTAP2.1 sharing the same entry is probably not ideal.  

I feel for you on cost, so file a FIAR and see if you can get away with a delta.   It just wasn't worth the time for us to bother with that. 

You can find the CTAP2.1 test tool in the experimental directory of the test tool. 

Regards. 
John B. 

--
Reply all
Reply to author
Forward
0 new messages