+1 for "rba" On Fri, Aug 14, 2015 at 11:52 AM, William Denniss <[email protected]> wrote:
> Fair point. RBA is a fairly common acronym for Risk-Based Authentication, > how about going with "rba"? Would align with existing "mfa", "mca" > definitions (while also saving 1 character and helping the ambiguity issue). > > On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected]> > wrote: > >> I hear you, but we’re trying to keep the values short for space reasons – >> just like other identifiers in JWTs. Ultimately, the values aren’t >> meaningful without referring to the spec in the first place, so the place >> to beef up the meaning is in the description in the spec – not in the “amr” >> value. If you’d like to suggest any edits in that regard, have at it! >> >> >> >> Thanks, >> >> -- Mike >> >> >> >> *From:* William Denniss [mailto:[email protected]] >> *Sent:* Friday, August 14, 2015 1:40 PM >> *To:* Mike Jones >> *Cc:* [email protected] >> *Subject:* Re: [OAUTH-WG] “amr” Values spec updated >> >> >> >> Looking good, thanks for putting this together. >> >> >> >> I wonder if we should say "risk_based" rather than just "risk" to avoid >> ambiguity (i.e. that it's not a risky authentication method, rather, it was >> risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a >> logical story. >> >> >> >> >> >> >> >> On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected]> >> wrote: >> >> I’ve updated the Authentication Method Reference Values spec to >> incorporate feedback received from the OAuth working group. Changes were: >> >> · Added the values “mca” (multiple-channel authentication), “risk” >> (risk-based authentication), and “user” (user presence test). >> >> · Added citations in the definitions of Windows integrated >> authentication, knowledge-based authentication, risk-based authentication, >> multiple-factor authentication, one-time password, and proof-of-possession. >> >> · Alphabetized the values. >> >> · Added Tony Nadalin as an author and added acknowledgements. >> >> >> >> The specification is available at: >> >> · http://tools.ietf.org/html/draft-jones-oauth-amr-values-01 >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d> >> >> >> >> An HTML formatted version is also available at: >> >> · >> http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d> >> >> >> >> -- Mike >> >> >> >> P.S. This note was also posted at http://self-issued.info/?p=1437 >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d> >> and as @selfissued >> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d> >> . >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d> >> >> >> > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > >
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
