-
Notifications
You must be signed in to change notification settings - Fork 12
Description
@gffletch see the notes from July 1.
We determined that the auth_time claim and amr claims should be paired. However, that doesn't resolve the issue of the auth_time if amr has multiple values. @aaronpk and I spoke this morning, we think there needs to be an extension to the core spec which enables the RP to determine the auth_time for each amr value. At first glance, a JSON array such as follows would meet the need.
"amr": "hwk, rba"
"auth_time_amr" : [
{"auth_time": 1311280969, "amr": "rba"}
{"auth_time": 1311280000, "amr": "hwk"}
]
This is an example and may not be acceptable syntax, but it should give you an idea of what we're thinking about. I'm open to other ideas of how to represent the mapping of 2..n amr claims to the auth_time of each claim.
Originally posted by @deansaxe in openid/ipsie-openid-sl1#4 (comment)
(Edited to change phr to hwk to match the correct IANA registry values.)