[Openid-specs-mobile-profile] ACR values
Torsten Lodderstedt
torsten at lodderstedt.net
Sun Nov 22 19:42:01 UTC 2015
Hi all,
based on the discussions in the last WG call, I think we are running
circles again when it comes to ACR values.
What I got:
- usage of LOA values from ISO 29115 seems to confuse people (because
they seem to be not as specfic as we thought and cover identification as
well)
- new EU regulations use other terms and the number of authentication
levels differ
What do you think about the following proposal:
In the end, we want to give the RP a way to request authentication
levels, which are specific to Mobile Connect/MODRNA. Why don't we define
ACR value names, which exactly correspond to what we intend to use? From
my perspective, Mobile Connect requires the following levels:
- urn:openid:modrna:acr:credential:PasswordLess (meaning: posession or
inherence is ok)
- urn:openid:modrna:acr:credential:TwoFactor (any two factors,
software-based solutions are ok)
- urn:openid:modrna:acr:credential:TwoFactorTamperResistant (any two
factors, hardware token required)
Those values are intentionally MODRNA specific and could be mapped (if
needed) to any other model.
What do you think?
best regards,
Torsten.
More information about the Openid-specs-mobile-profile
mailing list