FIDO, Carry-On →
Dan Blum, writing at Security-Architect, regales us with a - frankly - superb explanatory post regarding FIDO, also known as Fast Identity Online. His article is highly regarded around here, and I recommend visting the site, straight-away!
'The core FIDO2 speification are:
FIDO Client To Authenticator Protocol (CTAP): CTAP specifies a protocol for communication between a personal device with cryptographic capabilities (aka authenticator) and a host computer that wishes to use these capabilities for security functions including strong user authentication...!”
FIDO Web API (WebAuthn): Defines how to use the WebCrypto APIs to allow web pages to access strong credentials through browser JavaScript, in a way that is easy to use for developers to code...
FIDO Attestation: Defines attestation formats used to validate FIDO Authenticators, uses of FIDO 2.0 credentials, and associated user verification methods. FIDO attestation could be mapped as authentication context to federation servers or other conditional/adaptive authentication systems.'