<head>
<style>
code {
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
}
p {
border-radius: 0px;
}
ol.custom-editor-ordered-list-class {
padding-inline-start: 0px;
margin: 1px 0px;
padding-inline-start: 24px;
min-height: calc(1.5em + 6px);
}
ul.custom-editor-bullet-list-class {
padding-inline-start: 0px;
margin: 1px 0px;
padding-inline-start: 24px;
min-height: calc(1.5em + 6px);
}
pre.custom-editor-code-block-class {
flex-shrink: 1;
text-align: left;
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
font-size: 13.6px;
tab-size: 2;
padding: 34px 16px 32px 32px;
min-height: 1em;
white-space: pre;
border-radius: 4px;
text-align: left;
position: relative;
background: rgba(135,131,120,.15);
min-width: 0px;
width: 100%;
box-sizing: border-box;
}
hr.custom-editor-divider-class {
border: none;
border-top: 1px solid rgba(135,131,120,.15);
width: 100%;
}
blockquote {
border-left: 3px solid currentcolor;
padding-inline-start: 14px;
margin: 0px;
margin-top: 4px;
font-size: 1em;
padding-right: 2px;
padding-top: 3px;
padding-bottom: 3px;
padding-left: 14px;
}
blockquote.light {
border-left-color: rgba(55, 53, 47, 0.16);
}
blockquote.dark {
border-left-color: rgba(255, 255, 255, 0.13);
}
aside {
display: flex;
width: 100%;
max-width: 100%;
box-sizing: border-box;
border-radius: 4px;
background: rgba(135,131,120,.15);
padding: 16px 16px 16px 12px;
white-space: pre-wrap;
word-break: break-word;
}
.callout-emoji {
user-select: none;
display: flex;
align-items: center;
justify-content: center;
height: 24px;
width: 24px;
font-size: 21.6px;
box-sizing: border-box;
margin-top: -3px;
border-radius: 0.25em;
flex-shrink: 0;
flex-grow: 0;
}
.callout-emoji > img {
height: 18px;
width: 18px;
margin-top: auto;
margin-bottom: auto;
}
.callout-content {
margin-left: 8px;
margin-top: auto;
display: table;
width: 100%;
}
.custom-editor-task-list-class {
list-style: none;
padding: 0;
margin: 0;
}
.custom-editor-task-item-class {
display: flex;
align-items: center;
}
.custom-editor-task-item-class > label {
margin-right: 0.5rem;
cursor: pointer;
user-select: none;
display: flex;
align-items: center;
}
.custom-editor-task-item-class > label > input[type="checkbox"] {
margin-right: 0.5rem;
}
.custom-editor-task-item-checked-class > * {
text-decoration: line-through rgba(55, 53, 47, 0.42);
color: rgba(55, 53, 47, 0.65);
}
.custom-editor-rendered-mention {
opacity: 0.6;
color: unset;
}
.custom-editor-rendered-mention > a {
color: unset;
}
.custom-editor-rendered-mention-page {
font-weight: 500;
max-width: 200px;
}
.custom-editor-rendered-mention-page > a {
color: unset;
}
.custom-editor-rendered-mention-page-link {
border-bottom: 0.05em solid rgba(95, 94, 91, 1);
text-decoration: none !important;
}
pre {
flex-shrink: 1;
text-align: left;
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
font-size: 13.6px;
tab-size: 2;
padding: 34px 16px 32px 32px;
min-height: 1em;
white-space: pre;
border-radius: 4px;
text-align: left;
position: relative;
background: rgb(247, 246, 243);
min-width: 0px;
width: 100%;
box-sizing: border-box;
text-wrap: wrap;
}
a.custom-editor-link-class {
color: rgba(120, 119, 116, 1);
cursor: pointer;
text-decoration-thickness: 0.05em;
text-underline-offset: 3px;
}
</style>
<style>
* {
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
-webkit-font-smoothing: antialiased;
line-height: 1.3;
font-family: ui-sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, "Apple Color Emoji", Arial, sans-serif, "Segoe UI Emoji", "Segoe UI Symbol";
}
p {
margin: 0px 0px 0px 0px !important;
min-height: 19.5px; /* Set a minimum height so empty p tags still take up vertical space; matches gmail empty line height */
}
</style>
</head>
<body>
<p dir="auto">I’m sharing this issue and comment via email for wide visibility to ensure we can collect feedback from as many IdPs as possible on their use of the <code class="custom-editor-code-class">amr</code> and <code class="custom-editor-code-class">auth_time</code> claims.</p><p dir="auto"></p><p dir="auto">Please see <a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="https://github.com/openid/ipsie/issues/96#issuecomment-3053621466">https://github.com/openid/ipsie/issues/96#issuecomment-3053621466</a> to provide your feedback on how these claims are issued today by IdPs.</p><p dir="auto"></p><p dir="auto">“If you are an IdP or have implemented an IdP, can you please document how your service issues the amr and auth_time claims. Specifically, we want to know:</p><ul class="custom-editor-bullet-list-class" dir="auto"><li dir="auto"><p dir="auto">Do you issue one or more values for the amr claim?</p><ul class="custom-editor-bullet-list-class" dir="auto"><li dir="auto"><p dir="auto">If so, is there any structure to the order of the values?</p></li></ul></li><li dir="auto"><p dir="auto">After primary authentication (e.g. password, passkey, MFA) do you later perform any risk based authentication? </p><ul class="custom-editor-bullet-list-class" dir="auto"><li dir="auto"><p dir="auto">If so, do you change the amr after RBA, either by changing it to rba or adding rba to the list of amr values?</p></li></ul></li><li dir="auto"><p dir="auto">Does your service change the <code class="custom-editor-code-class">auth_time</code> value to match the time of the RBA or does the value match the time of the initial authentication event?</p></li></ul><p dir="auto"></p><p dir="auto">We want to understand what the common patterns in use are in order to minimize any disruption of existing services.”</p><p dir="auto"></p><p dir="auto">Thanks,</p><p dir="auto">-dhs</p><p dir="auto"></p><div class="signature"><p dir="auto">--</p><div dir="auto"><p dir="auto">Dean H. Saxe</p></div><div dir="auto"><p dir="auto"><a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="mailto:dean@thesax.es">dean@thesax.es</a></p></div></div>
</body>