======================================================== fido-uaf-v1.0-rd-20140209-README.txt ======================================================== Context: This is a README for the fido-uaf-v1.0-rd-20140209 REVIEW DRAFT public snapshot of in-progress FIDO Alliance Universal Authentication Framework (UAF) specs as of 2014-02-09. Spec set version identifier: "fido-uaf-v1.0-rd-20140209" Spec set filename: fido-uaf-v1.0-rd-20140209.zip public download: http://fidoalliance.org/specs/fido-uaf-v1.0-rd-20140209.zip File Manifest: ============== within fido-uaf-v1.0-rd-20140209.zip there are these files: fido-glossary-v1.0-rd-20140209.pdf fido-security-ref-v1.0-rd-20140209.pdf fido-uaf-asm-api-v1.0-rd-20140209.pdf fido-uaf-authnr-cmds-v1.0-rd-20140209.pdf fido-uaf-authnr-metadata-v1.0-rd-20140209.pdf fido-uaf-client-api-transport-v1.0-rd-20140209.pdf fido-uaf-overview-v1.0-rd-20140209.pdf fido-uaf-protocol-v1.0-rd-20140209.pdf fido-uaf-reg-v1.0-rd-20140209.pdf Roadmap: ======== This ordering of these specs peels the UAF onion from the outside to the core (note: the Security Reference is listed at the end because it is a wholistic analysis of the entire architecture)... FIDO UAF Architectural Overview fido-uaf-overview-v1.0-rd-20140209.pdf The FIDO UAF Architectural Overview describes the components, protocols, and interfaces that make up the FIDO UAF strong authentication ecosystem. http://fidoalliance.org/specs/fido-uaf-overview-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Protocol Specification fido-uaf-protocol-v1.0-rd-20140209.pdf This document defines the flow and content of all UAF protocol messages and presents the rationale behind the design choices. http://fidoalliance.org/specs/fido-uaf-protocol-v1.0-rd-20140209.pdf =-=-=-= FIDO Technical Glossary fido-glossary-v1.0-rd-20140209.pdf This document defines many of the technical terms and phrases used in FIDO Alliance specifications and documents. http://fidoalliance.org/specs/fido-glossary-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Application API and Transport Binding Specification fido-uaf-client-api-transport-v1.0-rd-20140209.pdf Describes APIs and an interoperability profile for client applications to utilize FIDO UAF. This includes methods of communicating with a FIDO Client for both Web platform and Android apps, transport requirements, and an HTTPS interoperability profile for sending UAF messages to a compatible server. http://fidoalliance.org/specs/fido-uaf-client-api-transport-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Authenticator-specific Module API fido-uaf-asm-api-v1.0-rd-20140209.pdf Different UAF authenticators may be connected to a user device via various physical interfaces. The UAF Authenticator-specific module (ASM) is a software interface on top of UAF authenticators which gives a standardized way for FIDO UAF Clients to detect and access the functionality of UAF authenticators. This document describes the internal functionality of ASMs, defines the UAF ASM API and explains how UAF Clients should use it. http://fidoalliance.org/specs/fido-uaf-asm-api-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Authenticator Commands fido-uaf-authnr-cmds-v1.0-rd-20140209.pdf UAF Authenticators may take different forms. Implementations may range from a secure application running inside tamper-resistant hardware to software-only solutions on consumer devices. This document defines the normative aspects of Authenticator implementations, and also proposes a common, non-normative set of commands implementing UAF functionality. http://fidoalliance.org/specs/fido-uaf-authnr-cmds-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Authenticator Metadata fido-uaf-authnr-metadata-v1.0-rd-20140209.pdf FIDO Authenticators may have many different form factors, characteristics and capabilities. This document defines a standard means to describe the relevant pieces of information about an Authenticator in order to interoperate with it, or to make risk-based policy decisions about transactions involving a particular authenticator. http://fidoalliance.org/specs/fido-uaf-authnr-metadata-v1.0-rd-20140209.pdf =-=-=-= FIDO UAF Registry of Predefined Values fido-uaf-reg-v1.0-rd-20140209.pdf This document defines all the strings and constants reserved by UAF protocols. The values defined in this document are referenced by various UAF specifications. http://fidoalliance.org/specs/fido-uaf-reg-v1.0-rd-20140209.pdf =-=-=-= FIDO Security Reference fido-security-ref-v1.0-rd-20140209.pdf This document analyzes the FIDO security. The analysis is performed on the basis of the FIDO Universal Authentication Framework (UAF) specification and FIDO Universal 2nd Factor (U2F) specifications as of the date of this publication. http://fidoalliance.org/specs/fido-security-ref-v1.0-rd-20140209.pdf =-=-=-=