Download Specifications

Both UAF (Universal Authentication Framework) and U2F (Universal 2nd Factor) Specifications are listed below and available to download.  For introductory information about the different use cases these two Specifications address and how they work, please refer to the Overview:

 

IF YOU ARE NOT YET A MEMBER OF THE FIDO ALLIANCE, AND YOU WOULD LIKE TO COMMENT ON OUR PUBLIC DRAFT SPECIFICATIONS, PLEASE USE THE CONTACT US FORM.

UAF Specifications

FIDO UAF Complete Specifications
This is a zip file containing the REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal Authentication Framework (UAF) specs as of 2014-10-08.

download:

/specs/fido-uaf-v1.0-rd-20141008.zip

 

FIDO UAF Architectural Overview
This overview document describes the various protocol design considerations in detail and also describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents. You should read this document first if you are new to UAF.

download:

/specs/fido-uaf-overview-v1.0-rd-20141008.pdf

 

FIDO UAF Protocol Specification
This document defines the message formats and processing rules for all UAF protocol messages.

download:

/specs/fido-uaf-protocol-v1.0-rd-20141008.pdf

 

UAF Application API and Transport Binding Specification
This document describes the client side APIs and interoperability profile for client applications to utilize FIDO UAF.

download:

/specs/fido-uaf-client-api-transport-v1.0-rd-20141008.pdf

 

FIDO UAF Authenticator-specific Module API
This document defines Authenticator-specific Modules and the API provided to the FIDO client by ASMs.

download:

/specs/fido-uaf-asm-api-v1.0-rd-20141008.pdf

 

FIDO UAF Authenticator Command
This document describes Low-level functionality that UAF Authenticators should implement to support the UAF protocol.

download:

/specs/fido-uaf-authnr-cmds-v1.0-rd-20141008.pdf

 

FIDO UAF Authenticator Metadata Statements
This document defines the authenticator metadata. This metadata in turn describes FIDO authenticator form factors, characteristics, and capabilities. The metadata is used to inform relying party interactions with, and make policy decisions about, the authenticators.

download:

/specs/fido-uaf-authnr-metadata-v1.0-rd-20141008.pdf

 

FIDO UAF Authenticator Metadata Service
Baseline method for relying parties to obtain FIDO Metadata statements.

download:

/specs/fido-uaf-metadata-service-v1.0-rd-20141008.pdf

 

UAF Registry of Predefined Values
This document defines all the strings and constants reserved by UAF protocols.

download:

/specs/fido-uaf-reg-v1.0-rd-20141008.pdf

 

FIDO AppID and Facet Specification
This document defines the scope of user credentials and how a trusted computing base which supports application isolation may make access control decisions about which keys can be used by which applications and web origins.

download:

/specs/fido-appid-and-facets-v1.0-rd-20141008.pdf

 

FIDO Security Reference
Provides an analysis of FIDO security based on detailed analysis of security threats pertinent to the FIDO protocols based on its goals, assumptions, and inherent security measures.

download:

/specs/fido-security-ref-v1.0-rd-20141008.pdf

 

FIDO Technical Glossary
Defines the technical terms and phrases used in FIDO Alliance specifications and documents.

download:

/specs/fido-glossary-v1.0-rd-20141008.pdf

 

FIDO UAF Readme
This is a README for the fido-uaf-v1.0-rd-20141008 REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal Authentication Framework (UAF) specs as of 2014-10-08.

download:

/specs/fido-uaf-v1.0-rd-20141008-README.txt

 

U2F Specifications

FIDO U2F Complete Specifications
This is a zip file containing the REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal 2nd Factor (U2F) specs as of 2014-10-08.

download:

/specs/fido-u2f-v1.0-rd-20141008.zip

 

FIDO U2F Architectural Overview
This overview document describes the various design considerations which go into the protocol in detail and describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents. It describes the various privacy considerations in the protocol design through the document and summarizes these at the end. READ THIS DOCUMENT FIRST BEFORE READING THE DETAILED DOCS.

download:

/specs/fido-u2f-overview-v1.0-rd-20141008.pdf

 

FIDO U2F Javascript API
This document describes the client side API in the web browser for accessing U2F capabilities. An online service or website can levearge U2F by using this API on the client side and pairing it with a server which can verify U2F messages on the server side. (Later specifications will describe APIs in non-browser contexts).

download:

/specs/fido-u2f-javascript-api-v1.0-rd-20141008.pdf

 

FIDO U2F Raw Message Formats
This document describes the binary format of request messages which go from the FIDO U2F server to the FIDO U2F token and the binary format of the response messages from the token to the server. These messages are encoded by the browser (FIDO client) for communication over a particular transport (such as USB) to the cryptographic core of the token which performs key generation and signing. A header file with standard values is also specified.

download:

/specs/fido-u2f-raw-message-formats-v1.0-rd-20141008.pdf
/specs/fido-u2f-u2f.h-v1.0-rd-20141008.pdf

 

FIDO U2F HID Protocol
This document describes how the browser (FIDO client) frames the binary raw messages coming from the javascript API for transport over USB-HID to a U2F token. The binary raw messages are described in the 'FIDO U2F Raw Message Formats' document. A header file with standard values is also specified. [Later specifications will specify how the javascript APIs frames raw messages over other (non-USB) transports].

download:

/specs/fido-u2f-HID-protocol-v1.0-rd-20141008.pdf
/specs/fido-u2f-u2f_hid.h-v1.0-rd-20141008.pdf

 

FIDO U2F Implementation Considerations
This document describes implementation considerations and recommendations for creators of U2F devices and for relying parties implementing U2F support.

download:

/specs/fido-u2f-implementation-considerations-v1.0-rd-20141008.pdf

 

FIDO AppID and Facet Specification
This document defines the scope of user credentials and how a trusted computing base which supports application isolation may make access control decisions about which keys can be used by which applications and web origins.

download:

/specs/fido-appid-and-facets-v1.0-rd-20141008.pdf

 

FIDO Security Reference
Provides an analysis of FIDO security based on detailed analysis of security threats pertinent to the FIDO protocols based on its goals, assumptions, and inherent security measures.

download:

/specs/fido-security-ref-v1.0-rd-20141008.pdf

 

FIDO Technical Glossary
Defines the technical terms and phrases used in FIDO Alliance specifications and documents.

download:

/specs/fido-glossary-v1.0-rd-20141008.pdf

 

FIDO U2F Readme
This is a README for the fido-u2f-v1.0-rd-20141008 REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal 2nd Factor (U2F) specs as of 2014-10-08.

download:

/specs/fido-u2f-v1.0-rd-20141008-README.txt