Project news

Secure QR Code Authentication v1.0 from ESAT TC approved as a Committee Specification

By Paul Knight

Specification is ready for testing and implementation

OASIS is pleased to announce that Secure QR Code Authentication Version 1.0 from the OASIS Electronic Secure Authentication (ESAT) TC [1] has been approved as an OASIS Committee Specification.

This document describes the use of QR Codes and a mobile phone as a replacement for a username and password in user login authentication. An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.

In addition, this document specifies a “Secure QR Code Authentication Protocol” (SQRAP) and assesses the related security threats and risks.

This Committee Specification is an OASIS deliverable, completed and approved by the TC and fully ready for testing and implementation.

The documents and related files are available here:

Secure QR Code Authentication Version 1.0
Committee Specification 01
01 July 2022

Editable source (Authoritative):
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.docx
HTML:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.html
PDF:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.pdf

For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:
https://docs.oasis-open.org/esat/sqrap/v1.0/cs01/sqrap-v1.0-cs01.zip

Members of the ESAT TC [1] approved this specification by Special Majority Vote. The specification had been released for public review as required by the TC Process [2]. The vote to approve as a Committee Specification passed [3], and the document is now available online in the OASIS Library as referenced above.

Our congratulations to the TC on achieving this milestone and our thanks to the reviewers who provided feedback on the specification drafts to help improve the quality of the work.

========== Additional references:
[1] OASIS Electronic Secure Authentication (ESAT) TC
https://www.oasis-open.org/committees/esat/

[2] Public reviews:
– 30-day public review, 12 May 2022:
https://docs.oasis-open.org/esat/sqrap/v1.0/csd01/sqrap-v1.0-csd01-public-review-metadata.html
https://lists.oasis-open.org/archives/members/202205/msg00003.html
– Comment resolution log:
https://docs.oasis-open.org/esat/sqrap/v1.0/csd01/sqrap-v1.0-csd01-comment-resolution-log.docx

[3] Approval ballot:
https://www.oasis-open.org/committees/ballot.php?id=3713

The work of OASIS is supported by organizations from around the world. Members include:

View all our members