Re: [OAUTH-WG] “amr” Values spec updated

Fri, 14 Aug 2015 12:11:03 -0700 

+1

> On Aug 14, 2015, at 3:03 PM, Brian Campbell <[email protected]> 
> wrote:
> 
> +1 for "rba"
> 
> On Fri, Aug 14, 2015 at 11:52 AM, William Denniss <[email protected] 
> <mailto:[email protected]>> wrote:
> Fair point. RBA is a fairly common acronym for Risk-Based Authentication, how 
> about going with "rba"? Would align with existing "mfa", "mca" definitions 
> (while also saving 1 character and helping the ambiguity issue).
> 
> On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected] 
> <mailto:[email protected]>> wrote:
> I hear you, but we’re trying to keep the values short for space reasons – 
> just like other identifiers in JWTs.  Ultimately, the values aren’t 
> meaningful without referring to the spec in the first place, so the place to 
> beef up the meaning is in the description in the spec – not in the “amr” 
> value.  If you’d like to suggest any edits in that regard, have at it!
> 
>  
> 
>                                                             Thanks,
> 
>                                                             -- Mike
> 
>  
> 
> From: William Denniss [mailto:[email protected] 
> <mailto:[email protected]>] 
> Sent: Friday, August 14, 2015 1:40 PM
> To: Mike Jones
> Cc: [email protected] <mailto:[email protected]>
> Subject: Re: [OAUTH-WG] “amr” Values spec updated
> 
>  
> 
> Looking good, thanks for putting this together.
> 
>  
> 
> I wonder if we should say "risk_based" rather than just "risk" to avoid 
> ambiguity (i.e. that it's not a risky authentication method, rather, it was 
> risk-based).  "user" seems to work well, e.g. "user mfa pwd otp" tells a 
> logical story.
> 
>  
> 
>  
> 
>  
> 
> On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected] 
> <mailto:[email protected]>> wrote:
> 
> I’ve updated the Authentication Method Reference Values spec to incorporate 
> feedback received from the OAuth working group.  Changes were:
> 
> ·        Added the values “mca” (multiple-channel authentication), “risk” 
> (risk-based authentication), and “user” (user presence test).
> 
> ·        Added citations in the definitions of Windows integrated 
> authentication, knowledge-based authentication, risk-based authentication, 
> multiple-factor authentication, one-time password, and proof-of-possession.
> 
> ·        Alphabetized the values.
> 
> ·        Added Tony Nadalin as an author and added acknowledgements.
> 
>  
> 
> The specification is available at:
> 
> ·        http://tools.ietf.org/html/draft-jones-oauth-amr-values-01 
> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d>
>  
> 
> An HTML formatted version is also available at:
> 
> ·        http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html 
> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d>
>  
> 
>                                                             -- Mike
> 
>  
> 
> P.S.  This note was also posted at http://self-issued.info/?p=1437 
> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d>
>  and as @selfissued 
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d>.
> 
> 
> _______________________________________________
> OAuth mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/oauth 
> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d>
>  
> 
> 
> 
> _______________________________________________
> OAuth mailing list
> [email protected] <mailto:[email protected]>
> https://www.ietf.org/mailman/listinfo/oauth 
> <https://www.ietf.org/mailman/listinfo/oauth>
> 
> 
> _______________________________________________
> OAuth mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/oauth

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth

Reply via email to