+1 2015-08-15 4:20 GMT+09:00 Phil Hunt <[email protected]>:
> +1 > > Phil > > @independentid > www.independentid.com > [email protected] > > On Aug 14, 2015, at 12:08 PM, John Bradley <[email protected]> wrote: > > +1 > > On Aug 14, 2015, at 3:03 PM, Brian Campbell <[email protected]> > wrote: > > +1 for "rba" > > On Fri, Aug 14, 2015 at 11:52 AM, William Denniss <[email protected]> > wrote: > >> Fair point. RBA is a fairly common acronym for Risk-Based Authentication, >> how about going with "rba"? Would align with existing "mfa", "mca" >> definitions (while also saving 1 character and helping the ambiguity issue). >> >> On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected] >> > wrote: >> >>> I hear you, but we’re trying to keep the values short for space reasons >>> – just like other identifiers in JWTs. Ultimately, the values aren’t >>> meaningful without referring to the spec in the first place, so the place >>> to beef up the meaning is in the description in the spec – not in the “amr” >>> value. If you’d like to suggest any edits in that regard, have at it! >>> >>> >>> >>> Thanks, >>> >>> -- Mike >>> >>> >>> >>> *From:* William Denniss [mailto:[email protected]] >>> *Sent:* Friday, August 14, 2015 1:40 PM >>> *To:* Mike Jones >>> *Cc:* [email protected] >>> *Subject:* Re: [OAUTH-WG] “amr” Values spec updated >>> >>> >>> >>> Looking good, thanks for putting this together. >>> >>> >>> >>> I wonder if we should say "risk_based" rather than just "risk" to avoid >>> ambiguity (i.e. that it's not a risky authentication method, rather, it was >>> risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a >>> logical story. >>> >>> >>> >>> >>> >>> >>> >>> On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected]> >>> wrote: >>> >>> I’ve updated the Authentication Method Reference Values spec to >>> incorporate feedback received from the OAuth working group. Changes were: >>> >>> · Added the values “mca” (multiple-channel authentication), “risk” >>> (risk-based authentication), and “user” (user presence test). >>> >>> · Added citations in the definitions of Windows integrated >>> authentication, knowledge-based authentication, risk-based authentication, >>> multiple-factor authentication, one-time password, and proof-of-possession. >>> >>> · Alphabetized the values. >>> >>> · Added Tony Nadalin as an author and added acknowledgements. >>> >>> >>> >>> The specification is available at: >>> >>> · http://tools.ietf.org/html/draft-jones-oauth-amr-values-01 >>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d> >>> >>> >>> >>> An HTML formatted version is also available at: >>> >>> · >>> http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html >>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d> >>> >>> >>> >>> -- Mike >>> >>> >>> >>> P.S. This note was also posted at http://self-issued.info/?p=1437 >>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d> >>> and as @selfissued >>> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d> >>> . >>> >>> >>> _______________________________________________ >>> OAuth mailing list >>> [email protected] >>> https://www.ietf.org/mailman/listinfo/oauth >>> <https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d> >>> >>> >>> >> >> >> _______________________________________________ >> OAuth mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/oauth >> >> > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth > > -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/ @_nat_en
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
