<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE rfc [
  <!ENTITY nbsp    "&#160;">
  <!ENTITY zwsp   "&#8203;">
  <!ENTITY nbhy   "&#8209;">
  <!ENTITY wj     "&#8288;">
]>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.7.39 (Ruby 3.4.9) -->
<rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="trust200902" docName="draft-skyfire-oauth-amr-values-00" category="std" consensus="true" submissionType="IETF" tocInclude="true" sortRefs="true" symRefs="true" version="3">
  <!-- xml2rfc v2v3 conversion 3.34.0 -->
  <front>
    <title abbrev="Additional AMR Values">Additional Authentication Method Reference Values</title>
    <seriesInfo name="Internet-Draft" value="draft-skyfire-oauth-amr-values-00"/>
    <author initials="A." surname="Agarwal" fullname="Ankit Agarwal">
      <organization>Skyfire Systems Inc.</organization>
      <address>
        <email>ankit_agarwal@yahoo.com</email>
        <uri>https://skyfire.xyz</uri>
      </address>
    </author>
    <author initials="M." surname="Jones" fullname="Michael B. Jones">
      <organization>Self-Issued Consulting</organization>
      <address>
        <email>michael_b_jones@hotmail.com</email>
        <uri>https://self-issued.info/</uri>
      </address>
    </author>
    <date year="2026" month="July" day="06"/>
    <keyword>agent</keyword>
    <keyword>identity</keyword>
    <keyword>agentic</keyword>
    <keyword>payment</keyword>
    <keyword>commerce</keyword>
    <abstract>
      <?line 64?>

<t>The JWT "amr" (Authentication Methods References) claim
contains values conveying authentication methods used in the authentication.
This specification defines additional Authentication Method Reference values
beyond those already registered to represent additional
authentication methods in use today.</t>
    </abstract>
    <note removeInRFC="true">
      <name>About This Document</name>
      <t>
        The latest revision of this draft can be found at <eref target="https://skyfire-xyz.github.io/draft-skyfire-oauth-amr-values/draft-skyfire-oauth-amr-values.html"/>.
        Status information for this document may be found at <eref target="https://datatracker.ietf.org/doc/draft-skyfire-oauth-amr-values/"/>.
      </t>
      <t>Source for this draft and an issue tracker can be found at
        <eref target="https://github.com/skyfire-xyz/draft-skyfire-oauth-amr-values"/>.</t>
    </note>
  </front>
  <middle>
    <?line 72?>

<section anchor="introduction">
      <name>Introduction</name>
      <t>The JWT <xref target="RFC7519"/> "amr" (Authentication Methods References) claim <xref target="OpenID.Core"/>
contains values conveying authentication methods used in the authentication.
They are registered in the
IANA "Authentication Method Reference Values" registry <xref target="IANA.AMR"/>.</t>
      <t>Since the Authentication Method Reference Values <xref target="RFC8176"/>
specification was published, several new authentication methods have been developed
and/or come into widespread use.
This specification defines additional Authentication Method Reference values
to represent these additional
authentication methods in use today.</t>
      <t>While these Authentication Method Reference values are general purpose
and can be used in any JSON Web Token (JWT) <xref target="RFC7519"/>,
one use case for them is use in KYAPay tokens <xref target="I-D.skyfire-oauth-kyapay-token"/>.</t>
    </section>
    <section anchor="conventions-and-definitions">
      <name>Conventions and Definitions</name>
      <t>The key words "<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL
NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>",
"<bcp14>MAY</bcp14>", and "<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as
described in BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they
appear in all capitals, as shown here.</t>
      <?line -18?>

</section>
    <section anchor="amrValues">
      <name>Authentication Method Reference Values</name>
      <t>The following Authentication Method Reference values
are defined by this specification:</t>
      <section anchor="appMethod">
        <name>"app" (Authenticator App) Method</name>
        <dl>
          <dt>app:</dt>
          <dd>
            <t>Authenticator App (e.g., Okta Verify, Google Authenticator, Microsoft Authenticator)</t>
          </dd>
        </dl>
      </section>
      <section anchor="inpMethod">
        <name>"inp" (In-person Authentication) Method</name>
        <dl>
          <dt>inp:</dt>
          <dd>
            <t>In-person Authentication</t>
          </dd>
        </dl>
      </section>
      <section anchor="vidMethod">
        <name>"vid" (Video Authentication) Method</name>
        <dl>
          <dt>vid:</dt>
          <dd>
            <t>Video Authentication (live video interview)</t>
          </dd>
        </dl>
      </section>
      <section anchor="bgMethod">
        <name>"bg" (Background Authentication) Method</name>
        <dl>
          <dt>bg:</dt>
          <dd>
            <t>Background Authentication (Silent network authentication of phone number, device recognition, geo-location, etc.)</t>
          </dd>
        </dl>
      </section>
      <section anchor="emailMethod">
        <name>"email" (Code or link sent to e-mail) Method</name>
        <dl>
          <dt>email:</dt>
          <dd>
            <t>Use of code or link sent to e-mail</t>
          </dd>
        </dl>
      </section>
      <section anchor="pushMethod">
        <name>"push" (Push notification to mobile phone) Method</name>
        <dl>
          <dt>push:</dt>
          <dd>
            <t>Push notification to mobile phone</t>
          </dd>
        </dl>
      </section>
    </section>
    <section anchor="security-considerations">
      <name>Security Considerations</name>
      <t>The security considerations defined in
Authentication Method Reference Values <xref target="RFC8176"/>
apply to this specification.</t>
    </section>
    <section anchor="privacy-considerations">
      <name>Privacy Considerations</name>
      <t>The privacy considerations defined in
Authentication Method Reference Values <xref target="RFC8176"/>
apply to this specification.</t>
    </section>
    <section anchor="iana-considerations">
      <name>IANA Considerations</name>
      <section anchor="ivmRegistry">
        <name>Authentication Method References Registry</name>
        <t>This specification registers the following
Authentication Method Reference values in the
IANA "Authentication Method Reference Values" registry <xref target="IANA.AMR"/>
established by <xref target="RFC8176"/>.</t>
        <section anchor="app-method">
          <name>"app" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: app</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: Authenticator App</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#appMethod) of this specification</t>
            </li>
          </ul>
        </section>
        <section anchor="inp-method">
          <name>"inp" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: inp</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: In-person Authentication</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#inpMethod) of this specification</t>
            </li>
          </ul>
        </section>
        <section anchor="vid-method">
          <name>"vid" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: vid</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: Video Authentication</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#vidMethod) of this specification</t>
            </li>
          </ul>
        </section>
        <section anchor="bg-method">
          <name>"bg" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: bg</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: Background Authentication</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#bgMethod) of this specification</t>
            </li>
          </ul>
        </section>
        <section anchor="email-method">
          <name>"email" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: email</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: Code or link sent to e-mail</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#emailMethod) of this specification</t>
            </li>
          </ul>
        </section>
        <section anchor="push-method">
          <name>"push" Method</name>
          <ul spacing="normal">
            <li>
              <t>Authentication Method Reference Name: push</t>
            </li>
            <li>
              <t>Authentication Method Reference Description: Push notification to mobile phone</t>
            </li>
            <li>
              <t>Change Controller: IETF</t>
            </li>
            <li>
              <t>Specification Document(s): (#pushMethod) of this specification</t>
            </li>
          </ul>
        </section>
      </section>
    </section>
  </middle>
  <back>
    <references anchor="sec-combined-references">
      <name>References</name>
      <references anchor="sec-normative-references">
        <name>Normative References</name>
        <reference anchor="RFC8176">
          <front>
            <title>Authentication Method Reference Values</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="P. Hunt" initials="P." surname="Hunt"/>
            <author fullname="A. Nadalin" initials="A." surname="Nadalin"/>
            <date month="June" year="2017"/>
            <abstract>
              <t>The "amr" (Authentication Methods References) claim is defined and registered in the IANA "JSON Web Token Claims" registry, but no standard Authentication Method Reference values are currently defined. This specification establishes a registry for Authentication Method Reference values and defines an initial set of Authentication Method Reference values.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="8176"/>
          <seriesInfo name="DOI" value="10.17487/RFC8176"/>
        </reference>
        <reference anchor="RFC2119">
          <front>
            <title>Key words for use in RFCs to Indicate Requirement Levels</title>
            <author fullname="S. Bradner" initials="S." surname="Bradner"/>
            <date month="March" year="1997"/>
            <abstract>
              <t>In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="2119"/>
          <seriesInfo name="DOI" value="10.17487/RFC2119"/>
        </reference>
        <reference anchor="RFC8174">
          <front>
            <title>Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words</title>
            <author fullname="B. Leiba" initials="B." surname="Leiba"/>
            <date month="May" year="2017"/>
            <abstract>
              <t>RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings.</t>
            </abstract>
          </front>
          <seriesInfo name="BCP" value="14"/>
          <seriesInfo name="RFC" value="8174"/>
          <seriesInfo name="DOI" value="10.17487/RFC8174"/>
        </reference>
      </references>
      <references anchor="sec-informative-references">
        <name>Informative References</name>
        <reference anchor="RFC7519">
          <front>
            <title>JSON Web Token (JWT)</title>
            <author fullname="M. Jones" initials="M." surname="Jones"/>
            <author fullname="J. Bradley" initials="J." surname="Bradley"/>
            <author fullname="N. Sakimura" initials="N." surname="Sakimura"/>
            <date month="May" year="2015"/>
            <abstract>
              <t>JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is used as the payload of a JSON Web Signature (JWS) structure or as the plaintext of a JSON Web Encryption (JWE) structure, enabling the claims to be digitally signed or integrity protected with a Message Authentication Code (MAC) and/or encrypted.</t>
            </abstract>
          </front>
          <seriesInfo name="RFC" value="7519"/>
          <seriesInfo name="DOI" value="10.17487/RFC7519"/>
        </reference>
        <reference anchor="OpenID.Core" target="https://openid.net/specs/openid-connect-core-1_0.html">
          <front>
            <title>OpenID Connect Core 1.0 incorporating errata set 2</title>
            <author initials="N." surname="Sakimura" fullname="Nat Sakimura">
              <organization/>
            </author>
            <author initials="J." surname="Bradley" fullname="John Bradley">
              <organization/>
            </author>
            <author initials="M. B." surname="Jones" fullname="Michael B. Jones">
              <organization/>
            </author>
            <author initials="B. de" surname="Medeiros" fullname="Breno de Medeiros">
              <organization/>
            </author>
            <author initials="C." surname="Mortimore" fullname="Chuck Mortimore">
              <organization/>
            </author>
            <date year="2023" month="December" day="15"/>
          </front>
        </reference>
        <reference anchor="IANA.AMR" target="https://www.iana.org/assignments/authentication-method-reference-values">
          <front>
            <title>Authentication Method Reference Values</title>
            <author initials="" surname="IANA" fullname="IANA">
              <organization/>
            </author>
            <date>n.d.</date>
          </front>
        </reference>
        <reference anchor="I-D.skyfire-oauth-kyapay-token">
          <front>
            <title>KYAPay Token</title>
            <author fullname="Ankit Agarwal" initials="A." surname="Agarwal">
              <organization>Skyfire Systems Inc.</organization>
            </author>
            <author fullname="Michael B. Jones" initials="M. B." surname="Jones">
              <organization>Self-Issued Consulting</organization>
            </author>
            <date day="5" month="July" year="2026"/>
            <abstract>
              <t>   This document defines a token format for agent identity and payment
   tokens in JSON Web Token (JWT) format.  Authorization servers and
   resource servers from different vendors can leverage this token
   format to consume identity and payment tokens in an interoperable
   manner.

              </t>
            </abstract>
          </front>
          <seriesInfo name="Internet-Draft" value="draft-skyfire-oauth-kyapay-token-00"/>
        </reference>
      </references>
    </references>
    <?line 217?>

<section numbered="false" anchor="document-history">
      <name>Document History</name>
      <t>[[ to be removed by the RFC Editor before publication as an RFC ]]</t>
      <t>-00</t>
      <ul spacing="normal">
        <li>
          <t>Initial draft.</t>
        </li>
      </ul>
    </section>
  </back>
  <!-- ##markdown-source:
H4sIAAAAAAAAA71Y63LbuBX+z6dA5T92x6TtbLa71Ww3kS9JlMaWaznxZDKZ
DEhCIiqS4ICgtNyM36XP0ifrdwDqQluyLU+m/mEBODhXHHzngL7ve0aaVHRZ
pxfH0kiV85T1KpOI3MiI0wI7FyZRMbsSI6FFHgn2iaeVKDseD0Mtpnd4z68W
dPCLsdJ1l5Um9rxYRTnPoCvWfGT8clKPpBa+4lDn80z7U8vnHx56ZRVmsiwh
0tQFOPpn128Y22E8LRX0yTwWhcC/3HT2WUdAu9KSpzTp947xozRGV9dvOt5O
XmWh0F0vhjVdL1J5KfKyKrvM6Ep4MP8nD4K14F3WuzrrYTJTejLWqiq67Hpw
OvAmosZS3PWYz/gYSmkgSbs09WJRRjQseJ01OyKVZUJH0CHyCqoZG0uTVCEc
mPv+R/3nwcPRgAPgc8bcvKWJi8gNbJT5mL0lEi1nXKa05bX4g2dFKgKop3Wu
o6TLEmOKsntwsEI8gDjGUkSlNDBpvmPFtMDZG0j1iJGPkIPEZGnH82hZ4SR8
6HWZ0Msn0rDemOsZT7Gq9Jjn8k+bd102dPLYsC6NyErWz6MAm4RzlRPvN+54
X9c8Ucr6zFil5dLjxqgA/ljFMsfRnwfsvcpFuTDkXEYJFyk7XhLu2CLSkd8v
y0rE7AQ5VKUG4V9akzkB38Jv/yb+14kyRFhrEYmSVlQg85E68Lxc6QyKpjZL
rt6c/Hr0y9+6nkfUNuGXn4/+TsMB0r9/GpwobSnICq7HwiyVKGyQcZALc1AW
IiqbBR/5n4vI4BcHdfTt0J6Nk9AAgRNNTtJGRirYUXCIwIGnUJqT40xoDDgr
hWEvOpbf3i/24vDFT/7RC//oZ7s4P3Jm//wm2hfcsCGfyKzS/A7pvUpydqx5
nIr6DmnNGa2SjwFOisUCeBULqdVd+klSRRN2rrSRGXwCtd+76AUArO49U+c8
tGNteGezWSB5zgNkyQEHUo1zuvblAW9hp59Z7PT1HDubG7Ea8KehrecFQeB5
vg+0CUujeWQ87zoR7P3NNevgrnXY7lpJ5VJUuceilMuMQNBwXATmrAFS5VNR
07G2zWdZI6IqkfYyZyDe2RLACFkyyjE5mrPFYiRxQIw/vaY0cQlFrfIYelQJ
TSlQOa6ZFmMJBNCwwSjMCi2A4WZFvLfBbpgM08EV87qJXiZj5JYHaOznRqu4
iohjGcvv35trdnu7bVzBu3Ivb29/dJxFTXVqNRxuq0dpiir8tLLd8Osa5s5v
wO0tojOUtItUP02SCxVBFVxtJ8CMl6yowlSWiYj3gRJToZEEuZht8jzhU8FC
ISh5piIFWsUez+MDFHJAqICnOPoZim5ZUFJQpH5w6rVSCxyUgNsm2E0iU9Ew
P02tPVG0DzY+RQWALQU5ziKeIx6LjOB5zd4PBxfsRoTsWk0QqF2k695qvu57
gEVrT8TxD7WDTMmYtIlFUv75uXfJa5gLfjq/V33/NGiX7UnN0cP4dotNC9yU
E8rbnNyAvbDtlIJsI1O6i4MOibomBKRz/nF4TX0Y/bKLgR1fnf3rY//q7JTG
w3e9Dx8WA6/ZMXw3+PjhdDlacp4Mzs/PLk4dM1ZZa8nrnPc+g0JWdQaX1/3B
Re9Dx90LuI2Ws8osVGg6JAooEkloHLNBXHnpIaEiLUMX5OOTy//+5+glAvMX
BPXFkQUBN0Gav8RkhiN12lSe1s0UQa49XhSCa3tUaYoDKKRBt4q9yNBEzXKW
4NwRzr9+och87bLfwqg4evl7s0AOtxbnMWst2pjdX7nH7IK4ZmmNmkU0W+t3
It22t/e5NZ/HfWXxt1cpriHzj3599btNoadCyg4g141vXWqNVJqqGWHmE+8x
HbVDgZiFtcuDFkagsdrZAbYXRRvbcV16RbE3FwxTisKNYQrGXa9VrN12tiuC
cbDPBhN0Q5+ElqN6n71VapyK9uZ96l/QlaiRaRP2nDkyJ3P6uV8IXcK9trcr
VmHjwiqMyapNXE7yVMaQ/AnYqTZLxaaFVIxJ6joOtpuiGWVTS7JXaSrFrHEh
HEPPMY/s4wlXZKOycLzQFY5J1UYmtjsEouICo5GlZ9nd8qFGrEgI9dwrb5+q
h4yoRkZq7CBqH/Cq/FQ5jn0mTBQ0BtveHTafKLSNOE/k7IQ5/FdM+ERdsdru
Xhju+n7Y/hHQCjOizTKcsqIqE+i6xA/LlVmWLOzLVEiFw7qyopFYFgppQvoe
FWDv21BEeHSY2j5WcFqar8B1OSdGLeLi2sjce0YLgCuSUm1Zc+VcGbnUcsqj
9SYVDe3/a5FtnO6as/MoWlHvN++hduQ0m88sZN1rSeb9Wml7qwWePepQ0yD8
uB7Pw0ufN00ZQeNKqAJyew6KTipK1aOQe2FfSWB6wt5TW2kL95y+h6MQcJLw
fCzoONCXp6nQ7rsPKMNWPE+bor5b7nXZ7hKl9+ga3j/pxjOLr9t6BqZtPduI
xc92cAH4DztoYX5bB8G0rYPrysLznVvUnYedo9KyrW/heFvXNpah5/s3L3UP
u9cUom09tGzbOvlAsXu+myu18WFPXRXc1lHi2tbPx+vks71d1uWNztpvDSHy
icrMnJ29AygrXXvfu03DIuJ/dEZ4J4gOaseXL80bRYtMTeftq6DvfuzMfuMG
cUTf4+zburGN05vM7vn6FWoPDymsfep98KK0H2YD738F6AYi6RcAAA==

-->

</rfc>
