Authentication Method Reference Values
RFC 8176

Document Type RFC - Proposed Standard (June 2017; No errata)
Last updated 2017-06-16
Replaces draft-jones-oauth-amr-values
Stream IETF
Formats plain text pdf html bibtex
Reviews
Stream WG state Submitted to IESG for Publication (wg milestone: May 2016 - Submit 'Authenticati... )
Document shepherd Hannes Tschofenig
Shepherd write-up Show (last changed 2016-10-19)
IESG IESG state RFC 8176 (Proposed Standard)
Consensus Boilerplate Yes
Telechat date
Responsible AD Kathleen Moriarty
Send notices to "Hannes Tschofenig" <Hannes.Tschofenig@gmx.net>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
Internet Engineering Task Force (IETF)                          M. Jones
Request for Comments: 8176                                     Microsoft
Category: Standards Track                                        P. Hunt
ISSN: 2070-1721                                                   Oracle
                                                              A. Nadalin
                                                               Microsoft
                                                               June 2017

                 Authentication Method Reference Values

Abstract

   The "amr" (Authentication Methods References) claim is defined and
   registered in the IANA "JSON Web Token Claims" registry, but no
   standard Authentication Method Reference values are currently
   defined.  This specification establishes a registry for
   Authentication Method Reference values and defines an initial set of
   Authentication Method Reference values.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc8176.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Jones, et al.                Standards Track                    [Page 1]
RFC 8176         Authentication Method Reference Values        June 2017

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Requirements Notation and Conventions . . . . . . . . . .   4
     1.2.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   4
   2.  Authentication Method Reference Values  . . . . . . . . . . .   5
   3.  Relationship to "acr" (Authentication Context Class
       Reference)  . . . . . . . . . . . . . . . . . . . . . . . . .   7
   4.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .   7
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
     6.1.  Authentication Method Reference Values Registry . . . . .   8
       6.1.1.  Registration Template . . . . . . . . . . . . . . . .   9
       6.1.2.  Initial Registry Contents . . . . . . . . . . . . . .   9
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  12
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .  12
     7.2.  Informative References  . . . . . . . . . . . . . . . . .  13
   Appendix A.  Examples . . . . . . . . . . . . . . . . . . . . . .  15
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  15
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  15

Jones, et al.                Standards Track                    [Page 2]
RFC 8176         Authentication Method Reference Values        June 2017

1.  Introduction

   The "amr" (Authentication Methods References) claim is defined and
   registered in the IANA "JSON Web Token Claims" registry
   [IANA.JWT.Claims], but no standard Authentication Method Reference
   values are currently defined.  This specification establishes a
   registry for Authentication Method Reference values and defines an
   initial set of Authentication Method Reference values.

   For context, the "amr" (Authentication Methods References) claim is
   defined by Section 2 of the OpenID Connect Core 1.0 specification
   [OpenID.Core] as follows:

   amr
      OPTIONAL.  Authentication Methods References.  JSON array of
      strings that are identifiers for authentication methods used in
      the authentication.  For instance, values might indicate that both
      password and OTP authentication methods were used.  The definition
      of particular values to be used in the "amr" Claim is beyond the
      scope of this specification.  Parties using this claim will need
      to agree upon the meanings of the values used, which may be
      context-specific.  The "amr" value is an array of case sensitive
Show full document text