Thanks for your review, William. Draft -02 will address these comments as follows:
1. Added section number, as suggested.
2. Moved copy of âamrâ definition into Introduction, separating it from the Values section. I agree that that makes the specification more readable.
Thanks again,
-- Mike
From: OAuth [mailto:oauth-***@ietf.org] On Behalf Of William Denniss
Sent: Thursday, July 21, 2016 6:04 AM
To: Hannes Tschofenig <***@gmx.net>
Cc: ***@ietf.org
Subject: Re: [OAUTH-WG] Working Group Last Call on "Authentication Method Reference Values"
I'm glad to see this document in working group last call. The amr values my team is using in our implementation are included.
I have reviewed the 01 version of this draft, and I believe is ready to become an RFC.
I have only two minor editorial comments:
1.
Where we reference the claim in Connect (amr draft section 2), we should also state the specific section, i.e. "is defined by Section 2.0 of the OpenID Connect Core 1.0 specification".
2.
I found the juxtaposition of the amr claim definition and the values a little confusing, as the former is re-stating an existing definition while the latter is new material provided by this spec. I'm glad to see the claim definition in this draft, as it helps to provide context, but I might restructure into two sections, as below (green text added/changed). If restructured in this way, section 2 would provide the background and section 3 would provide the new material, making it easier to reference from other documents.
---
2<https://tools.ietf.org/html/draft-ietf-oauth-amr-values-01#section-2>. Authentication Method Reference Claim
The "amr" (Authentication Methods References) claim is defined by section 2.0 of the
OpenID Connect Core 1.0 specification [OpenID.Core<https://tools.ietf.org/html/draft-ietf-oauth-amr-values-01#ref-OpenID.Core>] as follows:
amr
OPTIONAL. Authentication Methods References. JSON array of
strings that are identifiers for authentication methods used in
the authentication. For instance, values might indicate that both
password and OTP authentication methods were used. The definition
of particular values to be used in the "amr" Claim is beyond the
scope of this specification. Parties using this claim will need
to agree upon the meanings of the values used, which may be
context-specific. The "amr" value is an array of case sensitive
strings.
OpenID Connect does not specify any particular
Authentication Method Reference values to be used in the "amr" claim.
This specification establishes a registry for these values and defines a starting list.
3. Authentication Method Reference Values
The following is a list of Authentication Method Reference values
defined by this specification:
On Mon, Jul 18, 2016 at 4:30 PM, Hannes Tschofenig <***@gmx.net<mailto:***@gmx.net>> wrote:
Hi all,
this is a Last Call for comments on the "Authentication Method Reference
Values" specification.
The document can be found here:
https://tools.ietf.org/html/draft-ietf-oauth-amr-values-01
Please have your comments in no later than August 1st.
Ciao
Hannes & Derek
_______________________________________________
OAuth mailing list
***@ietf.org<mailto:***@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth