Re: [OAUTH-WG] Authentication Method Reference Values spec incorporating adoption feedback

Mike Jones <> Fri, 12 February 2016 16:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 70F821A2119 for <>; Fri, 12 Feb 2016 08:04:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id x1UYbXHchHAD for <>; Fri, 12 Feb 2016 08:04:44 -0800 (PST)
Received: from ( [IPv6:2a01:111:f400:fc10::1:759]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id C98A01A1F1D for <>; Fri, 12 Feb 2016 08:04:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=xpxghUxjWKVkj8MZO9RbTgePKWGIYDtEHqti1XsGDxg=; b=S9CkNQ3a0dLu6w2/jlA2ql3vuN5zBR/xvN8eQGYlRvQTUABIDtt3Inb9mf3XKrznw0X6auGVXfuADpmj0acD1h9GUZfY4NiGN3QhIEwdtHHf2EefpDOEh8a7R97OQyfEyObQuiPjJGEtLSaA3G2Jguo3xiOqgiwjuiu9p2gN20s=
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.1.396.15; Fri, 12 Feb 2016 16:04:23 +0000
Received: from ([]) by ([]) with mapi id 15.01.0396.025; Fri, 12 Feb 2016 16:04:23 +0000
From: Mike Jones <>
To: Thomas Broyer <>, "" <>
Thread-Topic: [OAUTH-WG] Authentication Method Reference Values spec incorporating adoption feedback
Thread-Index: AdFlVTP5TWBUSMtZSvC+K8d5oLcJEAAGp10AAA+39KA=
Date: Fri, 12 Feb 2016 16:04:22 +0000
Message-ID: <>
References: <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
authentication-results:; dkim=none (message not signed) header.d=none;; dmarc=none action=none;
x-originating-ip: []
x-ms-office365-filtering-correlation-id: 8d11770e-3270-43ac-7427-08d333c62c89
x-microsoft-exchange-diagnostics: 1; BY2PR03MB442; 5:7sSqqltH2FQAbbYJ+/l0MXLzxCyjqOc1yXoWiKlPf4cuADYuKyJ1nc3gFQqbHfQXmTOssRbuFmBy1x5QGbs7VBy9VHbxTgmcycCotpheCzlZKNI6LDF70cCwwtGGPwGNJma0EbzSEa+2YRdmqdGh2A==; 24:bSMhOOfqkMiu0TNNZTnyRgNCdAmu3q/n4topVIF9earqg0JJMaVB49WV7LlIHfeIIK2b8P5vLvPFFsWS27NLw4JEONPwjgE2nKD91Yz172A=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB442;
x-microsoft-antispam-prvs: <>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(8121501046)(10201501046)(3002001)(61426038)(61427038); SRVR:BY2PR03MB442; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB442;
x-forefront-prvs: 0850800A29
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(209900001)(377454003)(66066001)(5004730100002)(189998001)(33656002)(19617315012)(5003600100002)(102836003)(1096002)(92566002)(19300405004)(19625215002)(5001770100001)(107886002)(5001960100002)(5008740100001)(5002640100001)(74316001)(86362001)(575784001)(5005710100001)(77096005)(15975445007)(3280700002)(87936001)(16236675004)(40100003)(8990500004)(586003)(2950100001)(2900100001)(3660700001)(122556002)(2906002)(99286002)(10090500001)(2501003)(3846002)(86612001)(76576001)(11100500001)(19580405001)(19580395003)(10290500002)(1220700001)(10400500002)(76176999)(50986999)(19609705001)(54356999)(6116002)(790700001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB442;; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_BY2PR03MB44249715BC3660B21FB5CCBF5A90BY2PR03MB442namprd_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2016 16:04:23.0149 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB442
Archived-At: <>
Subject: Re: [OAUTH-WG] Authentication Method Reference Values spec incorporating adoption feedback
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Feb 2016 16:04:47 -0000

As Hannes wrote about this draft in his note on February 4th at

With my co-chair hat on: I just wanted to clarify that registering
claims (and values within those claims) is within the scope of the OAuth
working group. We standardized the JWT in this group and we are also
chartered to standardize claims, as we are currently doing with various
drafts. Not standardizing JWT in the IETF would have lead to reduced
interoperability and less security.

From: Thomas Broyer []
Sent: Friday, February 12, 2016 12:32 AM
To: Mike Jones <>;
Subject: Re: [OAUTH-WG] Authentication Method Reference Values spec incorporating adoption feedback

So, you just removed every relationship to OAuth (and the note about OAuth and authentication seems a bit out of context), and I thus wonder why the OAuth WG would adopt this draft; that'd rather be a JOSE thing.

Le ven. 12 févr. 2016 07:03, Mike Jones <<>> a écrit :
This draft of the Authentication Method Reference Values specification incorporates OAuth working group feedback from the call for adoption.  The primary change was to remove the “amr_values” request parameter, so that “amr” values can still be returned as part of an authentication result, but cannot be explicitly requested.  Also, noted that OAuth 2.0 is inadequate for authentication without employing appropriate extensions and changed the IANA registration procedure to no longer require a specification.

The specification is available at:


An HTML-formatted version is also available at:


                                                          -- Mike

P.S.  This announcement was also posted at and as @selfissued<>.
OAuth mailing list<>