[OAUTH-WG] “amr” Values specification addressing area director comments

Mike Jones <Michael.Jones@microsoft.com> Mon, 14 November 2016 07:27 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Date: Mon, 14 Nov 2016 07:27:17 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/I2aiBZN2tEkQrx9EKdMuzH7YtOc>
Subject: [OAUTH-WG] “amr” Values specification addressing area director comments

Draft -04 of the Authentication Method Reference Values specification addresses comments by our security area director Kathleen Moriarty.  Changes were:

  * Added “amr” claim examples with both single and multiple values.

  * Clarified that the actual credentials referenced are not part of this specification to avoid additional privacy concerns for biometric data.

  * Clarified that the OAuth 2.0 Threat Model [RFC6819] applies to applications using this specification.

The specification is available at:

  * http://tools.ietf.org/html/draft-ietf-oauth-amr-values-04

An HTML-formatted version is also available at:

  * http://self-issued.info/docs/draft-ietf-oauth-amr-values-04.html

                                                       -- Mike

P.S.  This notice was also posted at http://self-issued.info/?p=1617 and as @selfissued (https://twitter.com/selfissued).