“amr” Values specification addressing area director comments

On November 13, 2016

In Claims, JSON, OAuth, OpenID, Specifications

OAuth logo Draft -04 of the Authentication Method Reference Values specification addresses comments by our security area director Kathleen Moriarty. Changes were:

Added “amr” claim examples with both single and multiple values.
Clarified that the actual credentials referenced are not part of this specification to avoid additional privacy concerns for biometric data.
Clarified that the OAuth 2.0 Threat Model [RFC6819] applies to applications using this specification.

The specification is available at:

http://tools.ietf.org/html/draft-ietf-oauth-amr-values-04

An HTML-formatted version is also available at:

https://self-issued.info/docs/draft-ietf-oauth-amr-values-04.html

You must be logged in to post a comment.

Musings on Digital Identity

“amr” Values specification addressing area director comments

Leave a Reply

“amr” Values specification addressing area director comments

“amr” Values specification addressing shepherd comments

Security Event Token (SET) Specification and IETF Security Events Working Group

Leave a Reply