[Openid-specs-ab] acr values
mike at gluu.org
Tue Aug 13 14:09:09 UTC 2013
John,
I like it... in fact we could also do a mapping for auth_mode, because
the way OX uses auth_mode is different than what is proposed for "amr"
(in OX auth_mode can't be multi-value).
So I think the main issue is that the way acr is defined in the spec,
it is a little hard for us "normal people" to understand. A few more
examples would be helpful.
Also, I'm a little unclear where the registry would exist. Is there a
standard location in .well-known to publish these policies?
thx,
Mike
On 2013-08-13 08:48, John Bradley wrote:
> Sure the nice thing about URI is that people won't confuse
> http://example.com/auth_level/0 with http://bar.com/auth_level/0 as
> they may mean completely different things.
>
> If people want to do interfederation the registry is there to point
> to the agreed policy.
>
> In the local case putting a document at the URI to explain the local
> policy to help developers is a good idea but not required.
>
>
> Sent from my iPhone
>
> On 2013-08-12, at 11:11 PM, mike at gluu.org wrote:
>
>> John,
>>
>> Nat also made the case to me a while back that ACR could be used for
>> domain or federation level policy. One of the reasons we implemented
>> our own solution was because it was unclear how to use ACR. Perhaps
>> more examples in the documentation would be helpful. Are you proposing
>> that a domain could have an acr value such as
>> "http://example.com/auth_level/0" ?
>>
>> - Mike
>>
>>
>>
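The point in the thread about full URIs, shown as an added example that is not part of the original messages or of any OpenID or OX code: a relying party keys its policy on the complete acr string, so the two URIs quoted above are never treated as the same level. The names ACR_POLICY, AcrError and evaluate_acr and the numeric ranks are assumptions made for illustration.

```python
# Added example: relying-party handling of the "acr" claim as an opaque URI.
# ACR_POLICY, AcrError and evaluate_acr are hypothetical names; the ranks are
# constructed values, not taken from any published policy or registry.

ACR_POLICY = {
    "http://example.com/auth_level/0": 0,  # constructed: lowest local rank
    "http://bar.com/auth_level/0": 2,      # same path suffix, different meaning
}


class AcrError(ValueError):
    """Raised when the acr in an ID Token cannot be accepted."""


def evaluate_acr(claims, min_rank, requested_acr_values="", policy=ACR_POLICY):
    """Return the local rank for claims['acr'], or raise AcrError."""
    acr = claims.get("acr")
    if not isinstance(acr, str) or not acr:
        raise AcrError("ID Token carries no acr claim")
    # Exact, case-sensitive match on the whole URI: no suffix matching and
    # no normalisation, so ".../auth_level/0" alone identifies nothing.
    if acr not in policy:
        raise AcrError(f"acr {acr!r} is not covered by local policy")
    # acr_values in the request is a space-separated list in preference order.
    # This RP chooses to insist on one of the values it asked for.
    requested = requested_acr_values.split()
    if requested and acr not in requested:
        raise AcrError(f"acr {acr!r} was not among the requested values")
    rank = policy[acr]
    if rank < min_rank:
        raise AcrError(f"acr {acr!r} has rank {rank}, need at least {min_rank}")
    return rank


if __name__ == "__main__":
    # Constructed ID Token claim sets, already signature-verified elsewhere.
    for token in ({"acr": "http://bar.com/auth_level/0"},
                  {"acr": "http://example.com/auth_level/0"},
                  {"acr": "http://BAR.com/auth_level/0"},
                  {}):
        try:
            print(token, "->", evaluate_acr(token, min_rank=1))
        except AcrError as exc:
            print(token, "-> rejected:", exc)
```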