On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

I’m pleased to report that a public Implementation Draft of the FIDO2 Client to Authenticator Protocol (CTAP) specification has been published. This specification enables FIDO2 clients, such as browsers implementing the W3C Web Authentication (WebAuthn) specification, to perform authentication using pairwise public/private key pairs securely held by authenticators speaking the CTAP protocol (rather than passwords). Use of three transports for communicating with authenticators is specified in the CTAP specification: USB Human Interface Device (USB HID), Near Field Communication (NFC), and Bluetooth Smart/Bluetooth Low Energy Technology (BLE).

This specification was developed in parallel with WebAuthn, including having a number of common authors. This CTAP version is aligned with the WebAuthn Candidate Recommendation (CR) version.

The CTAP Implementation Draft is available at:

https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html

Congratulations to the members of the FIDO2 working group for reaching this important milestone. This is a major step in our journey to deprecate the password!

Musings on Digital Identity

On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

Leave a Reply

On our journey to deprecate the password: Public Implementation Draft of FIDO2 Client to Authenticator Protocol (CTAP) specification

Additional RSA Algorithms for COSE Messages Registered by W3C WebAuthn

“CBOR Web Token (CWT)” is now RFC 8392

Leave a Reply