
Why does FIDO2’s spec not mention FIDO UAF as a related standard? [duplicate]

Çağlar Arlı      -    19 Views


Why does FIDO2's spec not mention FIDO UAF as a related standard? I wonder if FIDO UAF is still relevant. Will FIDO UAF be deprecated eventually in favor of FIDO2? Why do they co-exist if they fulfil the same purpose?

What I already know:

FIDO2 consists of two standards that together enable a web app to communicate with an authenticator.

  • CTAP2 (CTAP2 superseded CTAP which was earlier called FIDO U2F)
  • WebAuthn

Then there is also FIDO UAF (not to be confused with U2F), which seems to serve the same purpose as FIDO2. Looking at FIDO2's specs, the term "UAF" is not even mentioned once.

In this Stack Overflow thread (2017), @FredericMARTIN mentions that the two standards were put forward by different players. @Qingbao mentions that FIDO UAF serves to support single-factor authentication. However, single-factor/passwordless authentication is also absolutely possible with FIDO2 (see yubico.com). In this other thread (2017), @FredericMARTIN writes that WebAuthn would be the "non-messy" FIDO UAF.

The specs of both FIDO UAF and FIDO2 can be found on the FIDO Alliance's website.