Authentication Method Reference Values
RFC 8176
Internet Engineering Task Force (IETF) M. Jones
Request for Comments: 8176 Microsoft
Category: Standards Track P. Hunt
ISSN: 2070-1721 Oracle
A. Nadalin
Microsoft
June 2017
Authentication Method Reference Values
Abstract
The "amr" (Authentication Methods References) claim is defined and
registered in the IANA "JSON Web Token Claims" registry, but no
standard Authentication Method Reference values are currently
defined. This specification establishes a registry for
Authentication Method Reference values and defines an initial set of
Authentication Method Reference values.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc8176.
Copyright Notice
Copyright (c) 2017 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Jones, et al. Standards Track [Page 1]
RFC 8176 Authentication Method Reference Values June 2017
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Requirements Notation and Conventions . . . . . . . . . . 4
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4
2. Authentication Method Reference Values . . . . . . . . . . . 5
3. Relationship to "acr" (Authentication Context Class
Reference) . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6.1. Authentication Method Reference Values Registry . . . . . 8
6.1.1. Registration Template . . . . . . . . . . . . . . . . 9
6.1.2. Initial Registry Contents . . . . . . . . . . . . . . 9
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 12
7.1. Normative References . . . . . . . . . . . . . . . . . . 12
7.2. Informative References . . . . . . . . . . . . . . . . . 13
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 15
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 15
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15
Jones, et al. Standards Track [Page 2]
RFC 8176 Authentication Method Reference Values June 2017
1. Introduction
The "amr" (Authentication Methods References) claim is defined and
registered in the IANA "JSON Web Token Claims" registry
[IANA.JWT.Claims], but no standard Authentication Method Reference
values are currently defined. This specification establishes a
registry for Authentication Method Reference values and defines an
initial set of Authentication Method Reference values.
For context, the "amr" (Authentication Methods References) claim is
defined by Section 2 of the OpenID Connect Core 1.0 specification
[OpenID.Core] as follows:
amr
OPTIONAL. Authentication Methods References. JSON array of
strings that are identifiers for authentication methods used in
the authentication. For instance, values might indicate that both
password and OTP authentication methods were used. The definition
of particular values to be used in the "amr" Claim is beyond the
scope of this specification. Parties using this claim will need
to agree upon the meanings of the values used, which may be
context-specific. The "amr" value is an array of case sensitive
Show full document text