So maybe a naive question but why does this draft define "amr_values" while also suggesting that it's fragile and that "acr" & "acr_values" is preferable? Seems contradictory. And I doubt I'm the only one that will find it confusing.
On Thu, Jul 23, 2015 at 9:35 AM, Mike Jones <michael.jo...@microsoft.com> wrote: > The key part of this is establishing a registry. That can only be done > in an RFC. > > > > John, I encourage you to submit text beefing up the arguments about why > using “acr” is preferable. The text at > http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html#acrRelationship > is a start at that. > > > > -- Mike > > > > *From:* John Bradley [mailto:ve7...@ve7jtb.com] > *Sent:* Thursday, July 23, 2015 9:30 AM > *To:* Justin Richer > *Cc:* Mike Jones; <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] Authentication Method Reference Values > Specification > > > > I don’t personally have a problem with people defining values for AMR and > creating a IANA registry. > > > > That exists for ACR. > > > > I am on record as not supporting clients requesting amr as it ai a bad > idea and the spec mentions that at the same time it defines a new request > parameter for it. > > > > It is probably not something I will put any real effort into fighting, if > people insist on it. I will continue to recommend only using ACR in the > request. > > > > John B. > > > > On Jul 23, 2015, at 9:21 AM, Justin Richer <jric...@mit.edu> wrote: > > > > Useful work, but shouldn’t this be defined in the OIDF, where the “amr" > parameter is defined? > > > > — Justin > > > > On Jul 22, 2015, at 7:48 PM, Mike Jones <michael.jo...@microsoft.com> > wrote: > > > > Phil Hunt and I have posted a new draft that defines some values used with > the “amr” (Authentication Methods References) claim and establishes a > registry for Authentication Method Reference values. These values include > commonly used authentication methods like “pwd” (password) and “otp” (one > time password). It also defines a parameter for requesting that specific > authentication methods be used in the authentication. > > > > The specification is available at: > > · https://tools.ietf.org/html/draft-jones-oauth-amr-values-00 > > > > An HTML formatted version is also available at: > > · http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html > > > > -- Mike > > > > P.S. This note was also posted at http://self-issued.info/?p=1429 and as > @selfissued <https://twitter.com/selfissued>. > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth