Overview#

Authentication Method Reference is an attribute within the OpenID Connect Identity Token.

Authentication Method Reference (amr) claim is defined and registered in the IANA "JSON Web Token Claims" registry IANA.JWT.Claims but no standard Authentication Method Reference values are currently defined. This specification establishes a registry for Authentication Method Reference values and defines an initial set of Authentication Method Reference values. It also defines the "amr_values" (requested Authentication Method Reference values) request parameter for requesting that a set of Authentication Method Reference values be used for processing the Authentication Request.

Relationship to Authentication Context Class Reference (acr)#

The Authentication Context Class Reference (acr) claim and acr_values request parameter are related to the Authentication Method Reference (amr) claim, but with important differences.

An Authentication Context Class specifies a set of business rules that authentications are being requested to satisfy. These rules can often be satisfied by using a number of different specific Authentication Methods, either singly or in combination. Interactions using acr_values request that the specified Authentication Context Class be used and that the result should contain an acr claim saying which Authentication Context Class was satisfied. The acr claim in the reply states that the business rules for the class were satisfied -- not how they were satisfied.

In contrast, interactions using the amr claim make statements about the particular Authentication Methods that were used. This tends to be more brittle than using acr, since the Authentication Methods that may be appropriate for a given authentication will vary over time, both because of the evolution of attacks on existing methods and the deployment of new Authentication Methods.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-3) was last changed on 16-Oct-2016 12:23 by jim