========================================================
fido-u2f-v1.0-rd-20140209-README.txt
========================================================

Context: This is a README for the fido-u2f-v1.0-rd-20140209 REVIEW
DRAFT public snapshot of in-progress FIDO Alliance Universal 2nd
Factor (U2F) specs as of 2014-02-09.

Spec set version identifier:	"fido-u2f-v1.0-rd-20140209"

Spec set filename:			fido-u2f-v1.0-rd-20140209.zip

public download:
  http://fidoalliance.org/specs/fido-u2f-v1.0-rd-20140209.zip

File Manifest:
==============
within fido-u2f-v1.0-rd-20140209.zip there are these files:

fido-u2f-overview-v1.0-rd-20140209.pdf
fido-u2f-javascript-api-v1.0-rd-20140209.pdf
fido-u2f-raw-message-formats-v1.0-rd-20140209.pdf
fido-u2f-usb-framing-of-apdus-v1.0-rd-20140209.pdf
fido-u2f-implementation-considerations-v1.0-rd-20140209.pdf
fido-u2f-application-isolation-through-facet-identification-v1.0-rd-20140209.pdf
fido-security-ref-v1.0-rd-20140209.pdf
fido-glossary-v1.0-rd-20140209.pdf

Roadmap:
========

  FIDO U2F Architectural Overview
  fido-u2f-overview-v1.0-rd-20140209.pdf

  This overview document describes the various design considerations
  which go into the protocol in detail and describes the user flows in
  detail. It describes the layering and intention of each of the
  detailed protocol documents. It describes the various privacy
  considerations in the protocol design through the document and
  summarizes these at the end.
   
  READ THIS DOCUMENT FIRST BEFORE READING THE DETAILED DOCS.

  http://fidoalliance.org/specs/fido-u2f-overview-v1.0-rd-20140209.pdf

  =-=-=-=

  FIDO U2F Javascript API
  fido-u2f-javascript-api-v1.0-rd-20140209.pdf

  This document describes the client side API in the web browser for
  accessing U2F capabilities. An online service or website can
  levearge U2F by using this API on the client side and pairing it
  with a server which can verify U2F messages on the server
  side. (Later specifications will escribe APIs in non-browser
  contexts).
  
  http://fidoalliance.org/specs/fido-u2f-javascript-api-v1.0-rd-20140209.pdf

  =-=-=-=
  FIDO U2F Raw Message Formats
  fido-u2f-raw-message-formats-v1.0-rd-20140209.pdf

  This document describes the binary format of request messages which
  go from the FIDO U2F server to the FIDO U2F token and the binary
  format of the response messages from the token to the server. These
  messages are encoded by the browser (FIDO client) for communication
  over a particular transport (such as USB) to the cryptographic core
  of the token which performs key generation and signing.

  http://fidoalliance.org/specs/fido-u2f-raw-message-formats-v1.0-rd-20140209.pdf
  
  =-=-=-=

  FIDO U2F USB Framing of APDUs
  fido-u2f-usb-framing-of-apdus-v1.0-rd-20140209.pdf
    
  This document describes how the browser (FIDO client) frames the
  binary raw messages coming from the javascript API for transport
  over USB to a U2F token.  The binary messages become arguments to
  APDU commands and responses and these are framed over USB. The
  choice of APDUs makes it easy to implement U2F tokens backed by
  standard secure elements which understand APDUs natively. [Later
  specifications will specify how the javascript APIs frames raw
  messages over other (non-USB) transports].
  
  http://fidoalliance.org/specs/fido-u2f-usb-framing-of-apdus-v1.0-rd-20140209.pdf
  
  =-=-=-=

  FIDO U2F Implementation Considerations
  fido-u2f-implementation-considerations-v1.0-rd-20140209.pdf
  
  This document describes implementation considerations and
  recommendations for creators of U2F devices and for relying parties
  implementing U2F support.
  
  http://fidoalliance.org/specs/fido-u2f-implementation-considerations-v1.0-rd-20140209.pdf
  
  =-=-=-=

  FIDO U2F Application Isolation through Facet Identification
  fido-u2f-application-isolation-through-facet-identification-v1.0-rd-20140209.pdf
    
  The U2F protocol ensures that the origin foo.com can only exercise a
  key that was issued for foo.com by the U2F token.  foo.com may have
  an app in non-browser environments and the same portable token may
  be exercised there too. This document describes how the various
  embodiments of foo.com (in a browser, in a mobile OS etc) securely
  assert the same origin to the token.
  
  http://fidoalliance.org/specs/fido-u2f-application-isolation-through-facet-identification-v1.0-rd-20140209.pdf
  
  =-=-=-=

  FIDO Security Reference
  fido-security-ref-v1.0-rd-20140209.pdf
  
  This document analyzes the FIDO security. The analysis is performed
  on the basis of the FIDO Universal Authentication Framework (UAF)
  specification and FIDO Universal 2nd Factor (U2F) specifications as
  of the date of this publication.
  
  http://fidoalliance.org/specs/fido-security-ref-v1.0-rd-20140209.pdf
  
  =-=-=-=

  FIDO Technical Glossary
  fido-glossary-v1.0-rd-20140209.pdf

  This document defines many of the technical terms and phrases used in
  FIDO Alliance specifications and documents.
  
  http://fidoalliance.org/specs/fido-glossary-v1.0-rd-20140209.pdf
  =-=-=-=