In FIDO UAF, a user agent is an application or service that initiates a FIDO UAF authentication request. A user agent is identified by a URI, the so-called facet ID (FacetID). The format of this facet ID depends on the user agent type:
Web browser. If the user agent is a web browser, the facet ID is the web origin of the web page that triggers the FIDO operation. For example, https://login.mycorp.com/.
Android. If the user agent is an Android app, the facet ID is a URI derived from the Base64-encoded SHA-1 or SHA-256 hash of the APK signing certificate. That is, either:
android:apk-key-hash-sha256:base64_encoded_sha256_hash_of_apk_signing_cert
android:apk-key-hash:base64_encoded_sha1_hash_of_apk_signing_cert
iOS. If the user agent is an iOS app, the facet ID is a URI derived from the app's bundle ID. That is, ios:bundle-id:ios_bundle_id_of_app.
The trusted facets list contains all authorized facet IDs that the relying party should trust. This ensures that only trusted applications are allowed to initiate authentication requests.
When you integrate the FIDO UAF SDK, you need to define the trusted facet list in the relying party configuration accordingly. For a reference implementation, you can refer to the FIDO UAF sample web application (see Back end).
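The following added example (not code from the FIDO UAF SDK or the sample web application) shows how the three facet ID formats above can be built and checked before they go into the trusted facet list. The function names are hypothetical. It assumes that Base64 padding is dropped from Android hashes and that web origins must use https, so confirm both against your SDK.

```python
import base64
import hashlib
from urllib.parse import urlsplit

ANDROID_PREFIXES = {  # URI prefix -> (hash name, digest length in bytes)
    "android:apk-key-hash-sha256:": ("sha256", 32),
    "android:apk-key-hash:": ("sha1", 20),
}
IOS_PREFIX = "ios:bundle-id:"


def android_facet_id(cert_der: bytes, algorithm: str = "sha256") -> str:
    """Build the Android facet ID from the DER bytes of the APK signing certificate."""
    prefix = next(p for p, (name, _) in ANDROID_PREFIXES.items() if name == algorithm)
    digest = hashlib.new(algorithm, cert_der).digest()
    # Assumption: '=' padding is dropped; confirm what your SDK expects.
    return prefix + base64.b64encode(digest).decode().rstrip("=")


def classify_facet(facet_id: str) -> str:
    """Return 'android', 'ios' or 'web'; raise ValueError for a malformed entry."""
    for prefix, (_, length) in ANDROID_PREFIXES.items():
        if facet_id.startswith(prefix):
            b64 = facet_id[len(prefix):]
            try:
                # Re-add any stripped padding so both spellings decode.
                raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
            except ValueError as exc:
                raise ValueError(f"not Base64: {facet_id}") from exc
            if len(raw) != length:
                raise ValueError(f"wrong digest length: {facet_id}")
            return "android"
    if facet_id.startswith(IOS_PREFIX):
        if not facet_id[len(IOS_PREFIX):]:
            raise ValueError("empty bundle ID")
        return "ios"
    url = urlsplit(facet_id)
    is_origin = url.path in ("", "/") and not url.query and not url.fragment
    if url.scheme != "https" or not url.hostname or not is_origin:
        raise ValueError(f"not an https web origin: {facet_id}")
    return "web"


def is_trusted(facet_id: str, trusted_facets: list[str]) -> bool:
    """Exact-match check of a caller's facet ID against the trusted facet list."""
    classify_facet(facet_id)  # reject malformed IDs before comparing
    return facet_id in trusted_facets
```

Running `classify_facet` over every entry of the trusted facet list at deployment time catches truncated hashes and mistyped prefixes before they cause rejected authentication requests.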