Draft -04 of the Authentication Method Reference Values specification addresses comments by our security area director Kathleen Moriarty. Changes were:
- Added “
amr” claim examples with both single and multiple values.
- Clarified that the actual credentials referenced are not part of this specification to avoid additional privacy concerns for biometric data.
- Clarified that the OAuth 2.0 Threat Model [RFC6819] applies to applications using this specification.
The specification is available at:
An HTML-formatted version is also available at: