This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

Only authorized users are allowed to rename pages.

Only authorized users are allowed to delete pages.

Page revision history

Version Date Modified Size Author Changes ... Change note

Page References

Incoming links Outgoing links
Authentication Method Reference
Authentication Method Reference

Version management

Difference between version and

At line 1 added 17 lines
!!! Overview
[{$pagename}] ([amr]) is an attribute within the [OpenID Connect] [Identity Token].
[{$pagename}] ([amr]) [claim] is defined and registered in the IANA "[JSON Web Token Claims]" registry. Additionally, [JSON Web Token Claims] also defines the "[amr_values]" [Authentication Request] parameter for requesting that a set of [Authentication Method Reference Values] be used for processing the [Authentication Request].
The initial set of [Authentication Method Reference Values] and [IANA Registry] is defined within [RFC 8176].
!! Relationship to [Authentication Context Class Reference] ([acr])
The [Authentication Context Class Reference] ([acr]) claim and [acr_values] request parameter are related to the [{$pagename}] ([amr]) claim, but with important differences.
An Authentication Context Class specifies a set of business rules that [authentications] are being requested to satisfy. These rules can often be satisfied by using a number of different specific [Authentication Methods], either singly or in combination. Interactions using [acr_values] request that the specified[ Authentication Context Class] be used and that the result should contain an acr claim saying which [Authentication Context Class] was satisfied. The [acr] claim in the reply states that the business rules for the class were satisfied -- not how they were satisfied.
In contrast, interactions using the [amr] claim make statements about the particular [Authentication Methods] that were used. This tends to be more brittle than using [acr], since the [Authentication Methods] that may be appropriate for a given [authentication] will vary over time, both because of the evolution of attacks on existing methods and the deployment of new [Authentication Methods].
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthorTop