Categories: eCommerceMarketing

eBay Joins FIDO, Contributes Open-Source Authentication Server

The FIDO (Fast Identity Online) Alliance is gaining momentum, with eBay joining the effort and contributing a new open-source Universal Authentication Framework compliant server.

FIDO is a multistakeholder initiative whose aim is to enable stronger forms of authentication for online access. The big milestone event for FIDO occurred in December 2014 when the group announced the Universal Second Factor (U2F) and UAF 1.0 specifications.

With UAF, FIDO has built a specification that is designed to replace the need for traditional passwords by making use of other forms of authentication, including the use of biometrics—for example, a user’s fingerprint—to gain access. The U2F specification, in contrast, is all about enabling secure forms of two-factor authentication.

eBay is embracing FIDO to help solve a customer challenge that is increasingly growing.

Passwords

“We have some customer issues dealing with passwords, especially as our mobile app is growing at a fast rate,” Rajeev Angal, director of Trust and Identity Engineering at eBay, told eWEEK. “The mobile form factor is not an easy place to enter a password, and our customers have complained about it.”

Angal added that by embracing FIDO’s UAF, eBay could well find a way to get rid of passwords, replacing them with some more natural-like biometrics. Rather than attempting a unique vendor approach, he said eBay found FIDO’s UAF specification to be a powerful standards-based open-source model that works.

While eBay is embracing UAF, it is not yet embracing U2F as mobile is a primary paint point. Angal did add that eBay will likely be looking at U2F in the future as a possible option.

The eBay UAF effort is very much a work in progress and isn’t something that is generally available. The first key step, however, is making the UAF server open-source, where it is now publicly available for anyone to look at on GitHuband potentially contribute code. Angal demonstrated the eBay UAF server, including Android and iOS mobile clients, at a FIDO event in New York on March 31, where he said there was notable interest from new potential contributors. eBay will continue to test the UAF server for its own needs as well, while looking to build a community around it, he said.

eBay built the UAF server by looking at the UAF 1.0 specifications and then developing code.

“The eBay contribution is not only validation of the need for stronger authentication standards, but also it’s validation of the truly open standard that FIDO develops,” Brett McDowell, executive director at the FIDO Alliance, toldeWEEK. “An outside company [eBay] was able to read the specifications, build a server and a sample app, take it through testing and getting it formally certified while not being members of the FIDO Alliance.”

Looking forward, McDowell said FIDO is working on expanding the adoption of its specifications as well as improving the specifications.

“The next step is to get FIDO into the operating system of devices, and that is the ambition of FIDO 2.0, which is the next publication from us,” McDowell said.

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago