The Client to Authenticator Protocol (CTAP) or X.1278[1] enables a roaming, user-controlled cryptographic authenticator (such as a smartphone or a hardware security key) to interoperate with a client platform such as a laptop.
[2] WebAuthn and CTAP are the primary outputs of the FIDO2 Project, a joint effort between the FIDO Alliance and the W3C.
[3] CTAP is based upon previous work done by the FIDO Alliance, in particular the Universal 2nd Factor (U2F) authentication standard.
Specifically, the FIDO U2F 1.2 Proposed Standard (July 11, 2017) became the starting point for the CTAP Proposed Standard, the latest version 2.0 of which was published on January 30, 2019.
The protocol uses the CBOR binary data serialization format.