Table of Contents

 1     Scope       
 2     References
 3     Definitions
        3.1     Terms defined elsewhere       
 4     Abbreviations and acronyms         
 5     Conventions         
 6     Overview  
        6.1     Architecture 
        6.2     Protocol conversation              
        6.3     Relationship to other specifications    
 7     Protocol details       
        7.1     Shared structures and types  
        7.2     Processing rules for the server policy
        7.3     Version negotiation   
        7.4     Registration operation             
        7.5     Authentication operation       
        7.6     Deregistration operation         
 8     Considerations        
        8.1     Protocol core design considerations   
        8.2     Implementation considerations         
        8.3     Security considerations            
        8.4     Interoperability considerations            
 9     UAF supported assertion schemes 
        9.1     Assertion scheme "UAFV1TLV"            
Annex A – UAF android protected confirmation assertion format    
        A.1     Data structures for APCV1CBOR          
       A.2      Authentication assertion        
       A.3      Processing rules          
        A.4     Example for metadata statement       
Annex B – UAF web authentication assertion format    
       B.1      Data structures for WAV1CBOR            
       B.2      Processing rules          
       B.3      Mapping CTAP2 error codes to ASM error codes           
Annex C – UAF authenticator Commands    
        C.1     UAF authenticator     
       C.2      Tags 
       C.3      Structures     
       C.4      UserVerificationToken             
       C.5      Commands   
       C.6      KeyIDs and key handles           
       C.7      Access control for commands
       C.8      Considerations            
       C.9      Relationship to other standards           
      C.10      Security guidelines   
Annex D – UAF application API and transport binding    
       D.1      Audience      
       D.2      Scope             
       D.3      Architecture
       D.4      Common definitions 
       D.5      Shared definitions     
       D.6      DOM API       
       D.7      Android Intent API    
       D.8      iOS Custom URL API  
       D.9      Transport binding profile        
Annex E – UAF registry of predefined values    
       E.1      Authenticator characteristics 
       E.2      Predefined Tags          
       E.3      Predefined extensions             
       E.4      Other identifiers specific to UAF          
Appendix I – UAF architectural overview    
       I.1      Background    
       I.2      UAF high-level architecture     
       I.3      UAF usage scenarios and protocol message flows          
       I.4      Privacy considerations
       I.5      Relationship to other technologies      
       I.6      OATH, TCG, PKCS#11, and ISO 24727    
Appendix II – UAF Authenticator-Specific Module API    
       II.1     Code example format
      II.2      ASM requests and responses 
      II.3      Using ASM API              
      II.4      ASM APIs for various platforms             
      II.5      CTAP2 interface           
      II.6      Security and privacy guidelines              
Bibliography