I do tend to agree John that clients shouldn't be able to force the sp on choices.
My thought was that it was useful to have a registry so we can have standard auth method values for protocols that get written like oidc. It may be useful elsewhere. Anyway as a general rule I think it is sometimes useful for a client to signal a preference or capability in order that the server can make a good choice that meets its own needs. Phil > On Jul 23, 2015, at 09:30, John Bradley <[email protected]> wrote: > > I don’t personally have a problem with people defining values for AMR and > creating a IANA registry. > > That exists for ACR. > > I am on record as not supporting clients requesting amr as it ai a bad idea > and the spec mentions that at the same time it defines a new request > parameter for it. > > It is probably not something I will put any real effort into fighting, if > people insist on it. I will continue to recommend only using ACR in the > request. > > John B. > >> On Jul 23, 2015, at 9:21 AM, Justin Richer <[email protected]> wrote: >> >> Useful work, but shouldn’t this be defined in the OIDF, where the “amr" >> parameter is defined? >> >> — Justin >> >>> On Jul 22, 2015, at 7:48 PM, Mike Jones <[email protected]> wrote: >>> >>> Phil Hunt and I have posted a new draft that defines some values used with >>> the “amr” (Authentication Methods References) claim and establishes a >>> registry for Authentication Method Reference values. These values include >>> commonly used authentication methods like “pwd” (password) and “otp” (one >>> time password). It also defines a parameter for requesting that specific >>> authentication methods be used in the authentication. >>> >>> The specification is available at: >>> · https://tools.ietf.org/html/draft-jones-oauth-amr-values-00 >>> >>> An HTML formatted version is also available at: >>> · http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html >>> >>> -- Mike >>> >>> P.S. This note was also posted at http://self-issued.info/?p=1429 and as >>> @selfissued. >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/oauth >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
