Fair point. RBA is a fairly common acronym for Risk-Based Authentication, how about going with "rba"? Would align with existing "mfa", "mca" definitions (while also saving 1 character and helping the ambiguity issue).
On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected]> wrote: > I hear you, but we’re trying to keep the values short for space reasons – > just like other identifiers in JWTs. Ultimately, the values aren’t > meaningful without referring to the spec in the first place, so the place > to beef up the meaning is in the description in the spec – not in the “amr” > value. If you’d like to suggest any edits in that regard, have at it! > > > > Thanks, > > -- Mike > > > > *From:* William Denniss [mailto:[email protected]] > *Sent:* Friday, August 14, 2015 1:40 PM > *To:* Mike Jones > *Cc:* [email protected] > *Subject:* Re: [OAUTH-WG] “amr” Values spec updated > > > > Looking good, thanks for putting this together. > > > > I wonder if we should say "risk_based" rather than just "risk" to avoid > ambiguity (i.e. that it's not a risky authentication method, rather, it was > risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a > logical story. > > > > > > > > On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected]> > wrote: > > I’ve updated the Authentication Method Reference Values spec to > incorporate feedback received from the OAuth working group. Changes were: > > · Added the values “mca” (multiple-channel authentication), “risk” > (risk-based authentication), and “user” (user presence test). > > · Added citations in the definitions of Windows integrated > authentication, knowledge-based authentication, risk-based authentication, > multiple-factor authentication, one-time password, and proof-of-possession. > > · Alphabetized the values. > > · Added Tony Nadalin as an author and added acknowledgements. > > > > The specification is available at: > > · http://tools.ietf.org/html/draft-jones-oauth-amr-values-01 > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d> > > > > An HTML formatted version is also available at: > > · http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d> > > > > -- Mike > > > > P.S. This note was also posted at http://self-issued.info/?p=1437 > <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d> > and as @selfissued > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d> > . > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d> > > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
