As you know, my main job is to jump from one standardization body to another. In (my) history of meeting this kind of tribes, I have witnessed several birth and death of SDOs. I have gone to the traditionnal ETSI, the rich GSMA, the working hard GlobalPlatform, the always-been-here TCG, the fabulous W3C… None of them, from my view, had a development such as FIDO Alliance did. Seriously. Jumping from 4 founding folks (Lenovo, Validity, Paypal, NokNokLabs) to a list of 170 (paying) members in 2 years. This is amazing. For the ones who missed it, few facts and figures about FIDO Alliance.
FIDO Alliance primer goal is to design a solution for seamless authentication on the web, under user control. Born in 2013. Worked under the water during one year to write spec, evangelize and recruit. Showed at MWC 2014 – different products , including a commercial deployment by Samsung and Paypal. Announced a Google launch named Secure Key in October 2014. Issued its first set of specifications in December 2014 (aka 500 pages of architecture, protocol, documentation, …) and may surprise us again during the MWC 2015. In the meantime, the Board increased to 22 members, to include major players such as (sorry long but impressive list worth sharing it here) Alibaba, ARM, Bank of America, Discover, Google, Mastercard, Visa, Microsoft, NXP, Qualcomm, RSA and Samsung. Those guys are the ones paying the most and directing the strategy.
Seriously. So much people around that specific problem. There must be something. One may argue that at the moment the co-existence of two different technologies (UAF and U2F for acronyms geeks) may reduce the value of FIDO Alliance to solve one single problem. Maybe. But it kickstarted the market, and it was required to have Google family joining the conversation, and thus having all the major actors around the table.
Nevertheless, such growth should have never happened without the following assets :
– a clear value proposition : hey, come on, let’s kill passwords ! (a real challenge in the security area)
– a strong marketing and business development team, backed with serious financial interests, being everywhere, in any single conference approaching the authentication topic.
– a continuous positive and monitored communication, encouraging and valuing product or members PR.
– a clear governance : you pay, you decide, you pay less, you influence the technical stuff, you pay few, you listen and implement.
– good and committed technical folks to chair the working groups and edit the specs (folks like Brad Hill, Jeff Hodges, look at the names here).
– a pragmatic product functional compliance approach (aka interoperable test fest before thousands of tests being developed).
I’d say that FIDO Alliance may succeed or not (I wish it will), but the growth of that SDO is amazing and we should, first get inspiration from their good practices, and second, listen to FIDO Alliance announcement during this year, hoping those guys will talk loud.
Note : picture by abac077 “ CC BY-NC-SA 2.0
Peter, indeed, it is a consortium, but it delivers specifications and have products implementing it : they do have a process, by laws, decision making rules, which makes it mirroring SDOs uses (from my experiement).
FIDO state clearly that they are *not* a standards body and yet you compare them with standards bodies. The successes they claim are in large part because they are not an SDO and thus not constrained by the sort of open process that would be required of such bodies.
I’m not saying it is not a success – but it’s not a standards body either! 😉