Jones; William Denniss;
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I am in favor of William's proposal.
In addition, I would like to see one for 2nd channel auth, 2ch. That would
indicate some resilience against MITB.
On Saturday, July 25, 2015, Brian Cam
To: Mike Jones
Cc: Nat Sakimura; William Denniss;
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
There's a method of authentication that is gaining in popularity which I'd
propose adding a method for. It is typically used as a second factor where
after a pr
23, 2015 6:22 PM
To: William Denniss
Cc:
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
So, allow me a naive question.
I suppose there are good random otp, as well as pretty bad otp etc.
Would it be useful to say just "otp"? Would it not be better to have at
ike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Thursday, July 23, 2015 9:30 AM
To: Justin Richer
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I don’t personally have a problem with people
>> developers who actually wanted this for a particular purpose but I’ll have
>> to get back to the WG on that. It’s defined here, rather than in another
>> spec, because it’s highly related to the “amr” values.
>>
>>
>>
>> -- Mike
aft-jones-oauth-amr-values-00.html#acrRelationship
is a start at that.
-- Mike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Thursday, July 23, 2015 9:30 AM
To: Justin Richer
Cc: Mike Jones; oauth@ietf.org
Subject: Re: [OAUTH-WG] A
r” is preferable. The text at
>>> http://self-issued.info/docs/draft-jones-oauth-amr-values-00.html#acrRelationship
>>> is a start at that.
>>>
>>>
>>>
>>> -- Mike
>>>
I do tend to agree John that clients shouldn't be able to force the sp on
choices.
My thought was that it was useful to have a registry so we can have standard
auth method values for protocols that get written like oidc. It may be useful
elsewhere.
Anyway as a general rule I think it is som
draft-jones-oauth-amr-values-00.html#acrRelationship
> is a start at that.
>
>
>
> -- Mike
>
>
>
> *From:* John Bradley [mailto:ve7...@ve7jtb.com]
> *Sent:* Thursday, July 23, 2015 9:30 AM
> *To:*
that.
-- Mike
From: John Bradley [mailto:ve7...@ve7jtb.com]
Sent: Thursday, July 23, 2015 9:30 AM
To: Justin Richer
Cc: Mike Jones;
Subject: Re: [OAUTH-WG] Authentication Method Reference Values Specification
I don’t personally have a
I don’t personally have a problem with people defining values for AMR and
creating an IANA registry.
That exists for ACR.
I am on record as not supporting clients requesting amr as it is a bad idea and
the spec mentions that at the same time it defines a new request parameter for
it.
It is pr
Useful work, but shouldn’t this be defined in the OIDF, where the “amr”
parameter is defined?
— Justin
> On Jul 22, 2015, at 7:48 PM, Mike Jones wrote:
>
> Phil Hunt and I have posted a new draft that defines some values used with
> the “amr” (Authentication Methods References) claim and est
Phil Hunt and I have posted a new draft that defines some values used with the
"amr" (Authentication Methods References) claim and establishes a registry for
Authentication Method Reference values. These values include commonly used
authentication methods like "pwd" (password) and "otp" (one ti