Overview[1]#

Authentication Method Reference Values (amr_values) is defined in RFC 8176 and creates a Authentication Method Reference Values Registry IANA Registry Authentication Method Reference Values.

The "amr" (Authentication Method Reference) claim is defined and registered in the IANA "JSON Web Token Claims" registry IANA.JWT.Claims, but no standard Authentication Method Reference Values are currently defined. RFC 8176 specification establishes a registry for Authentication Method Reference values and defines an initial set of Authentication Method Reference Values.

The following is a list of Authentication Method Reference Values defined by the Authentication Method Reference Values specification:

ValueDescription
faceFacial recognition
fptFingerprint recognition Biometric Authentication
geoGeolocation
hwkProof-of-Possession (PoP) of a hardware-secured key. See Appendix C of RFC 4211 for a discussion on PoP.
irisIris recognition
kbaKnowledge-based authentication NIST.SP.800-63
mcaMultiple-channel Authentication. The authentication involves communication over more than one distinct channel.
mfaMulti-Factor Authentication NIST.SP.800-63. When this is present, specific Authentication Methods used may also be included.
otpOne-Time password. One-Time password specifications that this Authentication Method applies to include RFC 4226 and RFC 6238.
pinPersonal Identification Number or pattern (not restricted to containing only numbers) that a user enters to unlock a key on the device. This mechanism SHOULD have a way to deter an attacker from obtaining the PIN by trying repeated guesses.
pwdPassword-based Authentication
rbaRisk-Based Authentication JECM
retinaRetinal scan Biometric Authentication
scSmart Card
smsConfirmation using SMS message to the user at a registered number
swkProof-of-Possession (PoP) of a Software-secured key. See Appendix C of RFC 4211 for a discussion on PoP.
telConfirmation by telephone call to the user at a registered number
userUser presence test
vbmVoice recognition by Biometric Authentication
wiaWindows Integrated Authentication, as described in MSDN

Where Used#

Authentication Method Reference Values SHOULD be used for all of the following:

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-23) was last changed on 23-Jun-2017 10:20 by jim