The FIDO Alliance has two sets of specifications, U2F and UAF. The Alliance is providing support for deployers of the technology by operating the new email@example.com public discussion list.
The FIDO Alliance produces PDF-formatted specifications as a convenience for readers, however there are occasional issues with these PDF-formatted specifications — for example, truncated figures and spurious characters. Thus readers are advised to refer to the HTML-formatted specs upon encountering any such issues with the PDF-formatted specs.
The latest revisions will always be available on the specifications download page.
IF YOU ARE NOT YET A MEMBER OF THE FIDO ALLIANCE, AND YOU WOULD LIKE TO COMMENT ON OUR PUBLIC DRAFT SPECIFICATIONS, PLEASE USE THE CONTACT US FORM.
FIDO UAF Complete Specifications
This is a zip file containing the FINAL 1.0 Specifications public snapshot of FIDO Alliance Universal Authentication Framework (UAF) specs published on 2014-12-09.
download: ZIP (all files)
FIDO UAF Architectural Overview
This overview document describes the various protocol design considerations in detail and also describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents.
You should read this document first if you are new to UAF.
FIDO UAF Authenticator Metadata Statements
This document defines the authenticator metadata. This metadata in turn describes FIDO authenticator form factors, characteristics, and capabilities. The metadata is used to inform relying party interactions with, and make policy decisions about, the authenticators.
FIDO AppID and Facet Specification
This document defines the scope of user credentials and how a trusted computing base which supports application isolation may make access control decisions about which keys can be used by which applications and web origins.
FIDO UAF Readme
This is a README for the fido-uaf-v1.0-rd-20141008 REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal Authentication Framework (UAF) specs as of 2014-12-08.
FIDO U2F Complete Specifications
This is a zip file containing the 1.0 Specifications public snapshot of FIDO Alliance Universal 2nd Factor (U2F) specs with Bluetooth and NFC transports published on 2015-05-14.
download: ZIP (ALL FILES)
FIDO U2F Architectural Overview
This overview document describes the various design considerations which go into the protocol in detail and describes the user flows in detail. It describes the layering and intention of each of the detailed protocol documents. It describes the various privacy considerations in the protocol design through the document and summarizes these at the end.
You should read this document first if you are new to U2F.
This document describes the client side API in the web browser for accessing U2F capabilities. An online service or website can levearge U2F by using this API on the client side and pairing it with a server which can verify U2F messages on the server side. (Later specifications will describe APIs in non-browser contexts).
FIDO U2F Raw Message Formats
This document describes the binary format of request messages which go from the FIDO U2F server to the FIDO U2F token and the binary format of the response messages from the token to the server. These messages are encoded by the browser (FIDO client) for communication over a particular transport (such as USB) to the cryptographic core of the token which performs key generation and signing. A header file with standard values is also specified.
FIDO U2F HID Protocol