Update December 7th, 2016: FIDO Alliance has announced the availability of the UAF 1.1 and U2F 1.1 specifications, which are available below. Older versions of the specifications can be found in the specification archive along with the Chinese translation of the UAF 1.0 specifications. The FIDO Specification Status and Intellectual Property Rights (IPR) of the FIDO Alliance specifications can be found here.
The FIDO Alliances publishes the following technical specifications for any implementer to download. In addition, the Alliance is providing support for implementers of FIDO authentication technology by operating the firstname.lastname@example.org public discussion list. Please post any questions you may have about implementing the FIDO specifications in that forum.
The FIDO Alliance produces PDF-formatted specifications as a convenience for readers, however readers are advised to refer to the HTML-formatted specs if they encounter any formatting issues with the PDF-formatted specs.
IF YOU ARE NOT YET A MEMBER OF THE FIDO ALLIANCE, AND YOU WOULD LIKE TO COMMENT ON OUR PUBLIC DRAFT SPECIFICATIONS, PLEASE USE THE CONTACT US FORM.
U2F v1.1 Specifications
FIDO U2F Complete Specifications
This is a zip file containing the U2F 1.1 Specifications public snapshot of FIDO Alliance Universal 2nd Factor (U2F) specs approved September 15th, 2016. Included in the latest U2F 1.1 specifications is:
- Change USB transport to conform to ISO7816-4
- NFC (ISO7816-4) support
- Bluetooth Low Energy support
- Expanded Metadata Service specification to include U2F
download: ZIP (ALL FILES)
FIDO U2F Architectural Overview
This overview document describes the various design considerations which go into the protocol in detail and describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents. It describes the various privacy considerations in the protocol design through the document and summarizes these at the end.
You should read this document first if you are new to U2F.
This document describes the client side API in the web browser for accessing U2F capabilities. An online service or website can levearge U2F by using this API on the client side and pairing it with a server which can verify U2F messages on the server side. (Later specifications will describe APIs in non-browser contexts).
FIDO U2F Raw Message Formats
This document describes the binary format of request messages which go from the FIDO U2F server to the FIDO U2F token and the binary format of the response messages from the token to the server. These messages are encoded by the browser (FIDO client) for communication over a particular transport (such as USB) to the cryptographic core of the token which performs key generation and signing. A header file with standard values is also specified.
FIDO U2F HID Protocol
UAF v1.1 Specifications
FIDO UAF Complete Specifications
This is a zip file containing the UAF 1.1 Specifications public snapshot of FIDO Alliance Universal Authentication Framework (UAF) specs as approved October 5th, 2016. Included in the UAF 1.1 specifications is:
- Android “N” attestation support
- APDU framing of commands (optional – for “smart cards”)
- New metadata statement fields
- “Delete-all” de-provisioning Functionality
download: ZIP (all files)
FIDO UAF Architectural Overview
This overview document describes the various protocol design considerations in detail and also describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents.
You should read this document first if you are new to UAF.
FIDO UAF Authenticator Metadata Statements
This document defines the authenticator metadata. This metadata in turn describes FIDO authenticator form factors, characteristics, and capabilities. The metadata is used to inform relying party interactions with, and make policy decisions about, the authenticators.
FIDO UAF Readme
This is a README for the fido-uaf-README-v1.1-rd-2016100 REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal Authentication Framework (UAF) specs as approved October 5th, 2016.
FIDO 2.0 Specifications
FIDO 2.0 DRAFT SPECIFICATIONS
This is a zip file containing the DRAFT specifications public snapshot of FIDO 2.0 also known as W3C WebAuthn, published on September 4, 2015 and delivered to W3C on November 12, 2015.
download: ZIP (all files)
About FIDO Specification Status and Intellectual Property Rights (IPR)
Summary of IPR Status of the Specifications on this site:
|U2F 1.0||Proposed Standard Expanded to the World|
|U2F 1.1||Implementation Draft|
|UAF 1.0||Proposed Standard Expanded to the World|
|UAF 1.1||Review Draft|
|FIDO 2.0 Submission to W3C||Proposed Standard Expanded to the World|
Explanation of IPR Status
FIDO Alliance specifications progress through various stages, Pre-Draft, Working Draft, Review Draft, Implementation Draft, Proposed Standard and Proposed Standard Expanded to the World. The Promise, the covenant FIDO Alliance Member organizations make not to assert their patent rights against other compliant implementations, is applied differently based on the specification stage. The Promise does not apply for Pre-Draft, Working Draft and Review Draft specification stages. At Implementation Draft stage, the Promise is provided by FIDO Alliance Working Group members to other FIDO Alliance Working Group members. At Proposed Standard stage, the Promise is provided by all FIDO Alliance members to all other FIDO Alliance members. At Proposed Standard Expanded to the World stage, the Promise is provided by all FIDO Alliance members to any party in the world. It is understood that the above is a brief summary and that the actual terms are provided in the FIDO Alliance Membership Agreement, which should be consulted for any specific case.
The FIDO Alliance Membership Agreement provides Members the opportunity to make withdrawals of Granted Claims from the Promise under certain conditions. The FIDO Alliance Membership Agreement should be consulted for the specific conditions. The Board is pleased to report to the public that it has received no such notice pertaining to any of the Specifications published on this site. Implementers interested in learning more about what this means are encouraged to review our IPR Summary and/or section 6 of the FIDO Alliance Membership Agreement.