I’ve defined an Authentication Method Reference (AMR) value called “pop” to indicate that Proof-of-possession of a key was performed. Unlike the existing “hwk” (hardware key) and “swk” (software key) methods, it is intentionally unspecified whether the proof-of-possession key is hardware-secured or software-secured. Among other use cases, this AMR method is applicable whenever a WebAuthn or FIDO authenticator are used.

The specification is available at these locations:

https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html
https://openid.net/specs/openid-connect-eap-acr-values-1_0.html

Thanks to Christiaan Brand for suggesting this.

You must be logged in to post a comment.

Musings on Digital Identity

Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec

Leave a Reply

Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec

OpenID Connect Presentation at IIW XXXIII

OpenID and FIDO Presentation at October 2021 FIDO Plenary

Leave a Reply