Table of Contents - ITU-T Rec. X.1277 (11/2018) Universal authentication framework

�1�� Scope��
�2�� References
�3�� Definitions
�� 3.1�� Terms defined elsewhere��
�� 3.2�� Terms defined in this Recommendation��
�4�� Abbreviations and acronyms��
�5�� Conventions��
�� 5.1�� Notation��
�� 5.2�� Conformance
�6�� Introduction��
�� 6.1�� Background��
�� 6.2�� FIDO UAF documentation��
�� 6.3�� FIDO UAF goals��
�7�� FIDO UAF high-level architecture��
�� 7.1�� FIDO UAF client��
�� 7.2�� FIDO UAF server��
�� 7.3�� FIDO UAF protocols��
�� 7.4�� FIDO UAF authenticator abstraction layer��
�� 7.5�� FIDO UAF authenticator��
�� 7.6�� FIDO UAF authenticator metadata validation��
�8�� FIDO UAF usage scenarios and protocol message flows��
�� 8.1�� FIDO UAF authenticator acquisition and user enrollment��
�� 8.2�� Authenticator registration��
�� 8.3�� Authentication��
�� 8.4�� Step-up authentication��
�� 8.5�� Transaction confirmation��
�� 8.6�� Authenticator deregistration�
�� 8.7�� Adoption of new types of FIDO UAF authenticators��
�9�� Privacy considerations��
10�� Relationship to other technologies
�� 10.1�� OATH, TCG, PKCS#11 and ISO 24727��
Annex A � FIDO UAF protocol specification��
�� A.1�� Summary��
�� A.2�� Abstract��
�� A.3�� Overview��
�� A.4�� Protocol details��
�� A.5�� Considerations��
�� A.6�� UAF supported assertion schemes�� 80
Annex B � UAF application API and transport binding specification� ��
�� B.1�� Summary ��
�� B.2�� Overview�� 82
�� B.3�� The AppID and FacetID assertions ��
Annex C � FIDO UAF authenticator commands�� 89
�� C.1�� Summary�� 89
�� C.2�� Overview�� 89
�� C.3�� UAF authenticator��
�� C.4�� Tags� �� 92
�� C.5�� Structures�� 98
�� C.6�� Commands�� 104
�� C.7�� KeyIDs and key handles�� 117
�� C.8�� Access control for commands �� 119
�� C.9�� Considerations�� 119
�� C.10�� Relationship to other standards�� 120
�� C.11�� Security guidelines�� 121
Annex D � FIDO UAF authenticator-specific module API�� 126
�� D.1�� Summary ��
�� D.2�� Overview ��
�� D.3�� ASM requests and responses
�� D.4�� Using ASM API ��
�� D.5�� Using the ASM API on various platforms ��
�� D.6�� Security and privacy guidelines ��
Annex E � UAF registry of predefined values��
�� E.1�� Overview ��
�� E.2�� Authenticator characteristics
Annex F � UAF APDU��
�� F.1�� Summary ��
�� F.2�� Introduction �
�� F.3�� SE-based authenticator implementation sse cases ��
�� F.4�� FIDO UAF applet and APDU commands ��
�� F.5�� Security considerations ��
Annex G � FIDO AppID and facets specification��
�� G.1�� Summary ��
�� G.2�� Overview ��
�� G.3�� The AppID and FacetID assertions ��
Annex H � FIDO metadata statements��
�� H.1�� Summary ��
�� H.2�� Overview ��
�� H.3�� Types ��
�� H.4�� Metadata keys ��
�� H.5�� Metadata statement format
�� H.6�� Additional considerations ��
Annex I � FIDO metadata service��
�� I.1�� Summary ��
�� I.2�� Overview ��
�� I.3�� Metadata service details ��
�� I.4�� Considerations
Annex J � FIDO ECDAA algorithm��
�� J.1�� Summary ��
�� J.2�� Overview ��
�� J.3�� FIDO ECDAA attestation ��
�� J.4�� FIDO ECDAA object formats and algorithm details��
�� J.5�� Considerations
Annex K � FIDO registry of predefined values��
�� K.1�� Summary ��
�� K.2�� Overview ��
�� K.3�� Authenticator characteristics
Annex L � FIDO security reference��
�� L.1�� Summary ��
�� L.2�� Introduction �
�� L.3�� Attack classification ��
�� L.4�� UAF security goals ��
�� L.5�� FIDO security measures��
�� L.6�� UAF security assumptions ��
�� L.7�� Threat analysis ��
Bibliography��