I hear you, but we’re trying to keep the values short for space reasons – just
like other identifiers in JWTs. Ultimately, the values aren’t meaningful
without referring to the spec in the first place, so the place to beef up the
meaning is in the description in the spec – not in the “amr” value. If you’d
like to suggest any edits in that regard, have at it!
Thanks,
-- Mike
From: William Denniss [mailto:[email protected]]
Sent: Friday, August 14, 2015 1:40 PM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] “amr” Values spec updated
Looking good, thanks for putting this together.
I wonder if we should say "risk_based" rather than just "risk" to avoid
ambiguity (i.e. that it's not a risky authentication method, rather, it was
risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a
logical story.
On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones
<[email protected]<mailto:[email protected]>> wrote:
I’ve updated the Authentication Method Reference Values spec to incorporate
feedback received from the OAuth working group. Changes were:
• Added the values “mca” (multiple-channel authentication), “risk”
(risk-based authentication), and “user” (user presence test).
• Added citations in the definitions of Windows integrated
authentication, knowledge-based authentication, risk-based authentication,
multiple-factor authentication, one-time password, and proof-of-possession.
• Alphabetized the values.
• Added Tony Nadalin as an author and added acknowledgements.
The specification is available at:
•
http://tools.ietf.org/html/draft-jones-oauth-amr-values-01<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d>
An HTML formatted version is also available at:
•
http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d>
-- Mike
P.S. This note was also posted at
http://self-issued.info/?p=1437<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d>
and as
@selfissued<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d>.
_______________________________________________
OAuth mailing list
[email protected]<mailto:[email protected]>
https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d>
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
