| Term | Description |
|---|---|
| Assertion | Verification of a signature against an existing credential |
| Attestation | Creation and declaration of a new credential |
| Authenticator | The device through which authentication occurs, typically a Platform authenticator (mobile device) or external security key |
| Authorization gesture | A physical interaction with an authenticator, for example touch of a finger, or scan of a face. |
| Base64URL | Modification of the main Base64 standard supporting use in URL addresses. |
| Biometric | A physical characteristic such as fingerprint or facial appearance |
| CBOR | Concise Binary Object Representation. |
| Challenge | Random set of bits used to prevent replay attacks. |
| COSE | CBOR Object Signing and Encryption. Find a list of numeric identifiers (such as -7, -257, etc.) and algorithms here. |
| CTAP | Client to Authenticator Protocol |
| Credential | Contains a challenge, public key, and metadata about the credential. |
| Private key | Matches the corresponding public key |
| Public key | Matches the corresponding private key |
| Relying Party | A website offering Web Authentication integration |
| Replay attack | Also known as playback attack. A form of network attack in which data transmission is maliciously or fraudulently repeated or delayed. This is the reason challenges are required in Web Authentication. |
| Transports | The method through which credentials are transported from the authenticator, such as platform (built-in device), usb, ble (Bluetooth) and nfc |
| Uint8Array | A JavaScript typed-array object representing an array of 8-bit unsigned integers |
| UV | User verification - an action such as providing a fingerprint or looking into a camera for facial recognition |

Also see the official spec for some additional terms & definitions.