Client to Authenticator Protocol
The Client to Authenticator Protocol (CTAP) enables a roaming, user-controlled cryptographic authenticator (such as a smartphone or a hardware security key) to interoperate with a client platform (such as a laptop computer). CTAP is complementary to the Web Authentication (WebAuthn) standard published by the World Wide Web Consortium (W3C).[1] WebAuthn and CTAP are the primary outputs of the FIDO2 Project, a joint effort between the FIDO Alliance and the W3C.[2]
CTAP is based upon previous work done by the FIDO Alliance, in particular the Universal 2nd Factor (U2F) authentication standard. Specifically, the FIDO U2F 1.2 Proposed Standard (July 11, 2017) became the starting point for the CTAP 2.0 Proposed Standard, which was published on September 27, 2017.
The CTAP 2.0 specification refers to two protocol versions, the CTAP1/U2F protocol and the CTAP2 protocol.[3] An authenticator that implements one (or both) of these protocols is typically referred to as an U2F authenticator or a FIDO2 authenticator, respectively.
A single authenticator may simultaneously support both CTAP1/U2F and CTAP2. That is, a FIDO2 authenticator (also called a WebAuthn authenticator) may be backward compatible with U2F.
References
- ^ Balfanz, Dirk; Czeskis, Alexei; Hodges, Jeff; Jones, J.C.; Jones, Michael B.; Kumar, Akshay; Liao, Angelo; Lindemann, Rolf; Lundberg, Emil (eds.). "Web Authentication: An API for accessing Public Key Credentials Level 1". World Wide Web Consortium (W3C). Retrieved 30 January 2019.
- ^ "FIDO2: Moving the World Beyond Passwords". FIDO Alliance. Retrieved 30 January 2019.
- ^ Brand, Christiaan; Czeskis, Alexei; Ehrensvärd, Jakob; Jones, Michael B.; Kumar, Akshay; Lindemann, Rolf; Powers, Adam; Verrept, Johan, eds. (February 27, 2018). "Client to Authenticator Protocol (CTAP)". FIDO Alliance. Retrieved 30 January 2019.