The key part of this is establishing a registry. That can only be done in an RFC.
John, I encourage you to submit text beefing up the arguments about why using “acr” is preferable. The text at http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html#acrRelationship is a start at that. -- Mike From: John Bradley [mailto:[email protected]] Sent: Thursday, July 23, 2015 9:30 AM To: Justin Richer Cc: Mike Jones; <[email protected]> Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification I don’t personally have a problem with people defining values for AMR and creating a IANA registry. That exists for ACR. I am on record as not supporting clients requesting amr as it ai a bad idea and the spec mentions that at the same time it defines a new request parameter for it. It is probably not something I will put any real effort into fighting, if people insist on it. I will continue to recommend only using ACR in the request. John B. On Jul 23, 2015, at 9:21 AM, Justin Richer <[email protected]<mailto:[email protected]>> wrote: Useful work, but shouldn’t this be defined in the OIDF, where the “amr" parameter is defined? — Justin On Jul 22, 2015, at 7:48 PM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: Phil Hunt and I have posted a new draft that defines some values used with the “amr” (Authentication Methods References) claim and establishes a registry for Authentication Method Reference values. These values include commonly used authentication methods like “pwd” (password) and “otp” (one time password). It also defines a parameter for requesting that specific authentication methods be used in the authentication. The specification is available at: • https://tools.ietf.org/html/draft-jones-oauth-amr-values-00 An HTML formatted version is also available at: • http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html -- Mike P.S. This note was also posted at http://self-issued.info/?p=1429 and as @selfissued<https://twitter.com/selfissued>. _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
