OK – I’ve added “rba” to my to-do list for the next spec version.

                                                            -- Mike

From: Brian Campbell [mailto:[email protected]]
Sent: Friday, August 14, 2015 2:03 PM
To: William Denniss
Cc: Mike Jones; [email protected]
Subject: Re: [OAUTH-WG] “amr” Values spec updated

+1 for "rba"

On Fri, Aug 14, 2015 at 11:52 AM, William Denniss 
<[email protected]> wrote:
Fair point. RBA is a fairly common acronym for Risk-Based Authentication, how 
about going with "rba"? Would align with existing "mfa", "mca" definitions 
(while also saving 1 character and helping the ambiguity issue).

On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones 
<[email protected]> wrote:
I hear you, but we’re trying to keep the values short for space reasons – just 
like other identifiers in JWTs.  Ultimately, the values aren’t meaningful 
without referring to the spec in the first place, so the place to beef up the 
meaning is in the description in the spec – not in the “amr” value.  If you’d 
like to suggest any edits in that regard, have at it!

                                                            Thanks,
                                                            -- Mike

From: William Denniss [mailto:[email protected]]
Sent: Friday, August 14, 2015 1:40 PM
To: Mike Jones
Cc: [email protected]
Subject: Re: [OAUTH-WG] “amr” Values spec updated

Looking good, thanks for putting this together.

I wonder if we should say "risk_based" rather than just "risk" to avoid 
ambiguity (i.e. that it's not a risky authentication method, rather, it was 
risk-based).  "user" seems to work well, e.g. "user mfa pwd otp" tells a 
logical story.



On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones 
<[email protected]> wrote:
I’ve updated the Authentication Method Reference Values spec to incorporate 
feedback received from the OAuth working group.  Changes were:

•        Added the values “mca” (multiple-channel authentication), “risk” 
(risk-based authentication), and “user” (user presence test).

•        Added citations in the definitions of Windows integrated 
authentication, knowledge-based authentication, risk-based authentication, 
multiple-factor authentication, one-time password, and proof-of-possession.

•        Alphabetized the values.

•        Added Tony Nadalin as an author and added acknowledgements.

The specification is available at:

•        http://tools.ietf.org/html/draft-jones-oauth-amr-values-01

An HTML formatted version is also available at:

•        http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html

                                                            -- Mike

P.S.  This note was also posted at http://self-issued.info/?p=1437 and as 
@selfissued.

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
