The goal of the Universal Authentication Framework is to provide a unified and extensible authentication mechanism that supplants passwords while avoiding the shortcomings of current alternative authentication approaches. This approach is designed to allow the relying party to choose the best available authentication mechanism for a particular end user or interaction, while preserving the option to leverage emerging device security capabilities in the future without requiring additional integration effort. This Recommendation describes the architecture in detail, it defines the flow and content of all UAF protocol messages and presents the rationale behind the design choices. Note: This technically equivalent protocol is based on the work in [b-UAF]