[OpenID-specs-EAP] Proof-of-possession (pop) AMR method added to OpenID Enhanced Authentication Profile spec

[Mike Jones]

I've defined an Authentication Method Reference (AMR) value called "pop" to indicate that Proof-of-possession of a key was performed.  Unlike the existing "hwk" (hardware key) and "swk" (software key) methods, it is intentionally unspecified whether the proof-of-possession key is hardware-secured or software-secured.  Among other use cases, this AMR method is applicable whenever a WebAuthn<https://www.w3.org/TR/2021/REC-webauthn-2-20210408/> or FIDO<https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html> authenticator are used.

The specification is available at these locations:

  *   https://openid.net/specs/openid-connect-eap-acr-values-1_0-01.html
  *   https://openid.net/specs/openid-connect-eap-acr-values-1_0.html

Thanks to Christiaan Brand<https://twitter.com/christiaanbrand> for suggesting this.

                                                       -- Mike

P.S.  This note was also published at https://self-issued.info/?p=2198 and as @selfissued<https://twitter.com/selfissued/>.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-eap/attachments/20211014/4fbf6e51/attachment.html>