Done in -02. ________________________________ From: Nat Sakimura<mailto:[email protected]> Sent: 8/18/2015 7:28 PM To: Phil Hunt<mailto:[email protected]> Cc: [email protected]<mailto:[email protected]> Subject: Re: [OAUTH-WG] “amr” Values spec updated
+1 2015-08-15 4:20 GMT+09:00 Phil Hunt <[email protected]<mailto:[email protected]>>: +1 Phil @independentid www.independentid.com<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.independentid.com&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=SEPT1AMM6Wc8ja4fvXlSrRe6N1kSzZ7xmmEZjxcKSx0%3d> [email protected]<mailto:[email protected]> On Aug 14, 2015, at 12:08 PM, John Bradley <[email protected]<mailto:[email protected]>> wrote: +1 On Aug 14, 2015, at 3:03 PM, Brian Campbell <[email protected]<mailto:[email protected]>> wrote: +1 for "rba" On Fri, Aug 14, 2015 at 11:52 AM, William Denniss <[email protected]<mailto:[email protected]>> wrote: Fair point. RBA is a fairly common acronym for Risk-Based Authentication, how about going with "rba"? Would align with existing "mfa", "mca" definitions (while also saving 1 character and helping the ambiguity issue). On Fri, Aug 14, 2015 at 10:44 AM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: I hear you, but we’re trying to keep the values short for space reasons – just like other identifiers in JWTs. Ultimately, the values aren’t meaningful without referring to the spec in the first place, so the place to beef up the meaning is in the description in the spec – not in the “amr” value. If you’d like to suggest any edits in that regard, have at it! Thanks, -- Mike From: William Denniss [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, August 14, 2015 1:40 PM To: Mike Jones Cc: [email protected]<mailto:[email protected]> Subject: Re: [OAUTH-WG] “amr” Values spec updated Looking good, thanks for putting this together. I wonder if we should say "risk_based" rather than just "risk" to avoid ambiguity (i.e. that it's not a risky authentication method, rather, it was risk-based). "user" seems to work well, e.g. "user mfa pwd otp" tells a logical story. On Thu, Aug 13, 2015 at 8:43 PM, Mike Jones <[email protected]<mailto:[email protected]>> wrote: I’ve updated the Authentication Method Reference Values spec to incorporate feedback received from the OAuth working group. Changes were: • Added the values “mca” (multiple-channel authentication), “risk” (risk-based authentication), and “user” (user presence test). • Added citations in the definitions of Windows integrated authentication, knowledge-based authentication, risk-based authentication, multiple-factor authentication, one-time password, and proof-of-possession. • Alphabetized the values. • Added Tony Nadalin as an author and added acknowledgements. The specification is available at: • http://tools.ietf.org/html/draft-jones-oauth-amr-values-01<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2ftools.ietf.org%2fhtml%2fdraft-jones-oauth-amr-values-01&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=I5MFZbd1BMANLuVeDH24boBVJ1CSwybIg3P1RqTZweU%3d> An HTML formatted version is also available at: • http://self-issued.info/docs/draft-jones-oauth-amr-values-01.html<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2fdocs%2fdraft-jones-oauth-amr-values-01.html&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rpA2%2fLQGs5mdomEP4xBu7T9V4PWzVi2j8d1VTzPCCZg%3d> -- Mike P.S. This note was also posted at http://self-issued.info/?p=1437<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fself-issued.info%2f%3fp%3d1437&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=sv5HbcRW%2bjRbYcd71MRZBcFdks%2froaDqZ%2fqTKOJrJ%2fo%3d> and as @selfissued<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2ftwitter.com%2fselfissued&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=ex43UP5ytuIMsfe6SkABmPAvJbeOpXPbHQbnvixUNcQ%3d>. _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c1f21f86f4e4a4858dff908d2a4cf71f3%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=hlMpGbGhXBCYimtMJa9IfEzWSFqXRy3kKHN8Z%2bLxjn0%3d> _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fwIM0fDpZUe7KcJcyh1JMndXAZTb0D07AgLb0ypX2Jc%3d> _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fwIM0fDpZUe7KcJcyh1JMndXAZTb0D07AgLb0ypX2Jc%3d> _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fwIM0fDpZUe7KcJcyh1JMndXAZTb0D07AgLb0ypX2Jc%3d> _______________________________________________ OAuth mailing list [email protected]<mailto:[email protected]> https://www.ietf.org/mailman/listinfo/oauth<https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.ietf.org%2fmailman%2flistinfo%2foauth&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2fwIM0fDpZUe7KcJcyh1JMndXAZTb0D07AgLb0ypX2Jc%3d> -- Nat Sakimura (=nat) Chairman, OpenID Foundation http://nat.sakimura.org/<https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fnat.sakimura.org%2f&data=01%7c01%7cMichael.Jones%40microsoft.com%7c501738a4097c4d7e3f9608d2a83de568%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=rIoMNwbWgT09bmV%2bis9oyApufBstcWzo1QcbQpzr5l8%3d> @_nat_en
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
