Jones; oauth@ietf.orgmailto:oauth@ietf.org
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I don’t personally have a problem with people defining values for AMR and
creating a IANA registry.
That exists for ACR.
I am on record as not supporting clients requesting amr
Jones; William Denniss; oauth@ietf.org
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I am in favor of William's proposal.
In addition, I would like to see one for 2nd channel auth, 2ch. That would
indicate some resilience against MITB.
On Saturday, July 25, 2015
: RE: [OAUTH-WG] Authentication Method Reference Values Specification
I agree that an obvious good thing to do is to add spec references to the field
definitions.
I need to investigate use cases for amr_values. I think this came from
developers who actually wanted this for a particular purpose
To: Mike Jones
Cc: Nat Sakimura; William Denniss; oauth@ietf.org
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
There's a method of authentication that is gaining in popularity which I'd
propose adding a method for. It is typically used as a second factor where
after
@ietf.org javascript:_e(%7B%7D,'cvml','oauth@ietf.org');
*Subject:* Re: [OAUTH-WG] Authentication Method Reference Values
Specification
So, allow me a naive question.
I supppose there are good random otp, as well as pretty bad otp etc.
Would it be useful to say just otp. Would it not be better
@ietf.org
*Subject:* Re: [OAUTH-WG] Authentication Method Reference Values
Specification
I don’t personally have a problem with people defining values for AMR and
creating a IANA registry.
That exists for ACR.
I am on record as not supporting clients requesting amr as it ai a bad
idea
is a start at that.
-- Mike
*From:* John Bradley [mailto:ve7...@ve7jtb.com]
*Sent:* Thursday, July 23, 2015 9:30 AM
*To:* Justin Richer
*Cc:* Mike Jones; oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Authentication Method Reference
: Re: [OAUTH-WG] Authentication Method Reference Values Specification
So, allow me a naive question.
I supppose there are good random otp, as well as pretty bad otp etc.
Would it be useful to say just otp. Would it not be better to have at least a
field that references a spec that specifies
I don’t personally have a problem with people defining values for AMR and
creating a IANA registry.
That exists for ACR.
I am on record as not supporting clients requesting amr as it ai a bad idea and
the spec mentions that at the same time it defines a new request parameter for
it.
It is
Useful work, but shouldn’t this be defined in the OIDF, where the “amr
parameter is defined?
— Justin
On Jul 22, 2015, at 7:48 PM, Mike Jones michael.jo...@microsoft.com wrote:
Phil Hunt and I have posted a new draft that defines some values used with
the “amr” (Authentication Methods
at that.
-- Mike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Thursday, July 23, 2015 9:30 AM
To: Justin Richer
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I don’t
I do tend to agree John that clients shouldn't be able to force the sp on
choices.
My thought was that it was useful to have a registry so we can have standard
auth method values for protocols that get written like oidc. It may be useful
elsewhere.
Anyway as a general rule I think it is
is a start at that.
-- Mike
*From:* John Bradley [mailto:ve7...@ve7jtb.com]
*Sent:* Thursday, July 23, 2015 9:30 AM
*To:* Justin Richer
*Cc:* Mike Jones; oauth@ietf.org
*Subject:* Re: [OAUTH-WG] Authentication Method Reference
Phil Hunt and I have posted a new draft that defines some values used with the
amr (Authentication Methods References) claim and establishes a registry for
Authentication Method Reference values. These values include commonly used
authentication methods like pwd (password) and otp (one time
14 matches
Mail list logo
