OpenID Connect MODRNA Authentication Profile 1.0 defines additional Request parameters in the Authentication Request.
OpenID Connect MODRNA Authentication Profile 1.0 also specifies Authentication Context Class Reference values based on the ISO/IEC DIS 29115 ISO 29115 to be used for the "acr_values" request parameter.
MODRNA supports all request parameters as specified in OpenID Connect Core 1.0 section 188.8.131.52 OpenID.Core and in addition the following parameters are defined or made REQUIRED for clients to send. All additional paramaters are REQUIRED for OpenID Connect Provider to support.REQUIRED. In OpenID.Core this parameter is specified as OPTIONAL. For MODRNA this parameter is REQUIRED in order to enable the Relying Party to indicate a MODRNA conform authentication request to the OpenID Connect Provider. Allowed values are defined OpenID Connect MODRNA Authentication Profile 1.0 Section 4. OPTIONAL. This is a new parameter. The login_hint_token is used to transport a user identifier from the Discovery Service to the OpenID Connect Provider without revealing this identifier to the client. OpenID Connect MODRNA Authentication Profile 1.0 Section 6 specifies the structure of this parameter. Protection of the login_hint_token's content is specified in OpenID Connect MODRNA Authentication Profile 1.0 Section 6.1. OPTIONAL. This is a new parameter. An Interlock message to tie the consumption device and the authentication device together. How to ensure that the message is actually shown on all relevant devices is out of the scope of this document. Possible values and constraints are specified in OpenID Connect MODRNA Authentication Profile 1.0 Section 7. Ways to protect the integrity of the binding_message are discussed in OpenID Connect MODRNA Authentication Profile 1.0 Section 9.
More Information#There might be more information for this subject on one of the following:
- Authentication Context Class Values
- OpenID Connect Mobile Discovery Profile
- Web Blog_blogentry_070317_1