1 Scope
2 References
3 Definitions
3.1 Terms defined elsewhere
3.2 Terms defined in this Recommendation
4 Abbreviations and acronyms
5 Conventions
5.1 Notation
5.2 Conformance
6 Introduction
6.1 Background
6.2 FIDO UAF documentation
6.3 FIDO UAF goals
7 FIDO UAF high-level architecture
7.1 FIDO UAF client
7.2 FIDO UAF server
7.3 FIDO UAF protocols
7.4 FIDO UAF authenticator abstraction layer
7.5 FIDO UAF authenticator
7.6 FIDO UAF authenticator metadata validation
8 FIDO UAF usage scenarios and protocol message flows
8.1 FIDO UAF authenticator acquisition and user enrollment
8.2 Authenticator registration
8.3 Authentication
8.4 Step-up authentication
8.5 Transaction confirmation
8.6 Authenticator deregistration
8.7 Adoption of new types of FIDO UAF authenticators
9 Privacy considerations
10 Relationship to other technologies
10.1 OATH, TCG, PKCS#11 and ISO 24727
Annex A – FIDO UAF protocol specification
A.1 Summary
A.2 Abstract
A.3 Overview
A.4 Protocol details
A.5 Considerations
A.6 UAF supported assertion schemes
Annex B – UAF application API and transport binding specification
B.1 Summary
B.2 Overview
B.3 The AppID and FacetID assertions
Annex C – FIDO UAF authenticator commands
C.1 Summary
C.2 Overview
C.3 UAF authenticator
C.4 Tags
C.5 Structures
C.6 Commands
C.7 KeyIDs and key handles
C.8 Access control for commands
C.9 Considerations
C.10 Relationship to other standards
C.11 Security guidelines
Annex D – FIDO UAF authenticator-specific module API
D.1 Summary
D.2 Overview
D.3 ASM requests and responses
D.4 Using ASM API
D.5 Using the ASM API on various platforms
D.6 Security and privacy guidelines
Annex E – UAF registry of predefined values
E.1 Overview
E.2 Authenticator characteristics
Annex F – UAF APDU
F.1 Summary
F.2 Introduction
F.3 SE-based authenticator implementation use cases
F.4 FIDO UAF applet and APDU commands
F.5 Security considerations
Annex G – FIDO AppID and facets specification
G.1 Summary
G.2 Overview
G.3 The AppID and FacetID assertions
Annex H – FIDO metadata statements
H.1 Summary
H.2 Overview
H.3 Types
H.4 Metadata keys
H.5 Metadata statement format
H.6 Additional considerations
Annex I – FIDO metadata service
I.1 Summary
I.2 Overview
I.3 Metadata service details
I.4 Considerations
Annex J – FIDO ECDAA algorithm
J.1 Summary
J.2 Overview
J.3 FIDO ECDAA attestation
J.4 FIDO ECDAA object formats and algorithm details
J.5 Considerations
Annex K – FIDO registry of predefined values
K.1 Summary
K.2 Overview
K.3 Authenticator characteristics
Annex L – FIDO security reference
L.1 Summary
L.2 Introduction
L.3 Attack classification
L.4 UAF security goals
L.5 FIDO security measures
L.6 UAF security assumptions
L.7 Threat analysis
Bibliography