Glossary
- AAGUID
- An Authenticator Attestation Global Unique Identifier (AAGUID) is a 128-bit identifier representing the make and model of a group of FIDO2 authenticators that share the same authenticator metadata. The AAGUID allows a service provider to determine which attestation root certificate chain to treat as trusted for a specific attestation statement, without revealing information that can be used to track an individual authenticator. AAGUIDs are typically written out as a 32-character hexadecimal string, sometimes with dashes after the 8th, 12th, 16th and 20th digits. For example, the AAGUID for the YubiKey 5 NFC is d7781e5d-e353-46aa-afe2-3ca49f13332a.
- Authenticator Metadata
- Authenticator metadata is information about an authenticator that helps relying parties or identity providers support authenticators with different capabilities, manufactured by different vendors. This information includes the AAGUID, a certificate chain that can be used to validate attestation statements, and information about how the authenticator can be connected (USB, NFC or Bluetooth) as well as what extensions are supported.
- MDS
- FIDO Metadata Service (MDS) is a service provided by the FIDO Alliance that defines a uniform, vendor-agnostic method for looking up FIDO authenticator metadata by its AAGUID. Additional information about the FIDO Metadata Service can be found at the FIDO Alliance: https://fidoalliance.org/metadata/
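
The three entries above fit together as one lookup: normalize the AAGUID, find its metadata entry, and take the attestation roots to trust from it. The following is an added example, not code from this page or from the FIDO Alliance; the function names are hypothetical, the sample entry is constructed with a placeholder certificate, and the field names `aaguid`, `metadataStatement` and `attestationRootCertificates` are assumed to follow the MDS metadata format.

```python
import uuid

# Constructed sample shaped like entries of a decoded MDS payload (assumption).
# The certificate value is a placeholder, not a real root certificate.
SAMPLE_ENTRIES = [
    {
        "aaguid": "d7781e5d-e353-46aa-afe2-3ca49f13332a",
        "metadataStatement": {
            "description": "YubiKey 5 NFC (constructed sample entry)",
            "attestationRootCertificates": ["<PLACEHOLDER-ROOT-CERT-BASE64>"],
        },
    },
]

def normalize_aaguid(value):
    """Return the dashed lowercase form, accepting 16 raw bytes or hex text."""
    if isinstance(value, (bytes, bytearray)):
        if len(value) != 16:
            raise ValueError("AAGUID must be exactly 128 bits")
        return str(uuid.UUID(bytes=bytes(value)))
    text = value.strip().lower()
    compact = text.replace("-", "")
    if len(compact) != 32 or any(c not in "0123456789abcdef" for c in compact):
        raise ValueError("AAGUID must be 32 hexadecimal digits")
    canonical = str(uuid.UUID(hex=compact))
    # When dashes are present they must follow digits 8, 12, 16 and 20.
    if "-" in text and text != canonical:
        raise ValueError("dashes must follow digits 8, 12, 16 and 20")
    return canonical

def build_index(entries):
    """Index metadata entries by normalized AAGUID; entries without one are skipped."""
    return {normalize_aaguid(e["aaguid"]): e for e in entries if "aaguid" in e}

def trusted_roots_for(aaguid, index):
    """Return the attestation roots to trust for this model, or None if unknown."""
    entry = index.get(normalize_aaguid(aaguid))
    if entry is None:
        return None  # unknown make and model: the caller applies its own policy
    return entry["metadataStatement"]["attestationRootCertificates"]
```

Normalizing before the lookup matters because the same AAGUID can arrive as raw bytes, as undashed hex, or in the dashed form, and a plain string comparison would treat those as different models.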