With the certification of our server back in September, IBM Has been working closely with the FIDO standard, and we're proud to announce we're now officially members of the FIDO Alliance.
As we finalise our release of the capabilities into ISAM and shortly thereafter Cloud Identity, we have found it challenging to keep across the matrix of support offered by different browsers and different authenticators.
Adam Powers - formally of FIDO, he has been maintaining the following diagram:
However, I have found it isn't quite granular enough from a Use Case Level, and so have started *trying* to maintain a use case driven diagram, capturing the available features at a Browser/OS Level, in relation to the use of FIDO2 for Stepup vs Login and in relation to the "User Verification" ie PIN, Biometric etc in conjunction with an authentication challenge.
It is by no means as pretty, and has a few missing pieces (marked in Yellow) (Grey indicates - N/A), and changes with every new release, but it allows you to quickly identify the current support is predominately focused on the Stepup use case with FIDO2.
The good news - IBM's implementation can support all of the the scenarios we a tracking and it's mostly limited by the different behaviours of each browser/operating system.
I'm quietly optimistic that we'll see the passwordless experience become supported in a mainstream capacity in the later half of 2019, and thats when we'll really start to see the value of FIDO 2 reach the masses.
Feel free to leave any comments if you've noticed a browser has changed its support for some of the scenarios above, or you can fill in the blanks for me. I've intentionally not delved into the differences between USB/NFC/BT - and can leave that to Adams Diagram to capture the differences.
And if you have a device that you believe is FIDO 2 compatible, ie, Google Chrome on a TouchBar Mac, Windows Hello and MS Edge, or a Yubikey, please give it a go against preview implementation using our MFA demonstration site, https://verify.securitypoc.com.