I’ve defined an Authentication Method Reference (AMR) value called “pop
” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk
” (hardware key) and “swk
” (software key) methods, it is intentionally unspecified whether the proof-of-possession key is hardware-secured or software-secured. Among other use cases, this AMR method is applicable whenever a WebAuthn or FIDO authenticator are used.
The specification is available at these locations:
- https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html
- https://openid.net/specs/openid-connect-eap-acr-values-1_0.html
Thanks to Christiaan Brand for suggesting this.
Leave a Reply
You must be logged in to post a comment.