1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
4 Abbreviations and acronyms
5 Conventions
6 Overview
6.1 Architecture
6.2 Protocol conversation
6.3 Relationship to other specifications
7 Protocol details
7.1 Shared structures and types
7.2 Processing rules for the server policy
7.3 Version negotiation
7.4 Registration operation
7.5 Authentication operation
7.6 Deregistration operation
8 Considerations
8.1 Protocol core design considerations
8.2 Implementation
considerations
8.3 Security considerations
8.4 Interoperability considerations
9 UAF supported assertion schemes
9.1 Assertion scheme "UAFV1TLV"
Annex A – UAF android protected confirmation assertion format
A.1 Data structures for APCV1CBOR
A.2 Authentication assertion
A.3 Processing rules
A.4 Example for metadata statement
Annex B – UAF web authentication assertion format
B.1 Data structures for WAV1CBOR
B.2 Processing rules
B.3 Mapping CTAP2 error codes to ASM error codes
Annex C – UAF authenticator Commands
C.1 UAF authenticator
C.2 Tags
C.3 Structures
C.4 UserVerificationToken
C.5 Commands
C.6 KeyIDs and key handles
C.7 Access control for commands
C.8 Considerations
C.9 Relationship to other standards
C.10 Security guidelines
Annex D – UAF application API and transport binding
D.1 Audience
D.2 Scope
D.3 Architecture
D.4 Common definitions
D.5 Shared definitions
D.6 DOM API
D.7 Android Intent API
D.8 iOS Custom URL API
D.9 Transport binding profile
Annex E – UAF registry of predefined values
E.1 Authenticator characteristics
E.2 Predefined Tags
E.3 Predefined extensions
E.4 Other identifiers specific to UAF
Appendix I – UAF architectural overview
I.1 Background
I.2 UAF high-level architecture
I.3 UAF usage scenarios and protocol message flows
I.4 Privacy considerations
I.5 Relationship to other technologies
I.6 OATH, TCG, PKCS#11, and ISO 24727
Appendix II – UAF Authenticator-Specific Module API
II.1 Code example format
II.2 ASM requests and responses
II.3 Using ASM API
II.4 ASM APIs for various platforms
II.5 CTAP2 interface
II.6 Security and privacy guidelines
Bibliography