Attestation is a step in the FIDO registration ceremony in which the FIDO relying party can verify the make and model of the FIDO Authenticator that is about to register.
- During the registration ceremony, the FIDO Authenticators public key is signed with an (authenticator model-specific) attestation key.
- Attestation keys have associated attestation certificates, that chain to a root certificate. All authenticators of the same make and model share the same attestation certificate.
A FIDO Authenticators make and model can be verified by Airlock IAM by consulting the configured trust store.
The FIDO Alliance Metadata Service (MDS) is not supported in Airlock IAM.