Project news

Call for Consent for Secure QR Code Authentication Version 1.0 as OASIS Standard

Call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval opens.

The Electronic Secure Authentication (ESAT) TC members [1] have approved submitting the following CS01 to the OASIS Membership in a call for consent for OASIS Standard:

Secure QR Code Authentication Version 1.0
Committee Specification 01
01 July 2022

This is a call to the primary or alternate representatives of OASIS Organizational Members to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however, your consent is assumed unless you register an objection [2]. To register an objection, you must:

  1. Indicate your objection on this ballot, and
  2. Provide a reason for your objection and/or a proposed remedy to the project.

You may provide the reason in the comment box or by email to the TC on its comment mailing list [2]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.


The specification describes the use of QR Codes and a mobile phone as a replacement for a username and password in user login authentication. An alternative to passwords that includes QR Codes is described, and typical use cases are described. This document also provides an overview and context for using QR Codes for security purposes.

In addition, the document specifies a “Secure QR Code Authentication Protocol” (SQRAP) and assesses the related security threats and risks.


The Call for Consent opens at 21 September 2022 00:00 UTC and closes on 04 October 2022 23:59 pm timezone. You can access the ballot at:

Internal link for voting members:

Publicly visible link:

OASIS members should ensure that their organization’s voting representative responds according to the organization’s wishes. If you do not know the name of your organization’s voting representative is, go to the My Account page at

then click the link for your Company (at the top of the page) and review the list of users for the name designated as “Primary”.

More Information

The Project received 3 Statements of Use from HYPR, Trusona, and CVS [3].

The prose specification document and related files are available here:

Editable source (Authoritative):



For your convenience, OASIS provides a complete package of the specification document and any related files in ZIP distribution files. You can download the ZIP file at:

Additional information

[1] Electronic Secure Authentication (ESAT) TC

Project IPR page

[2] Comments may be submitted to the TC via the project mailing list at To subscribe, send an empty email to and reply to the confirmation email.

All emails to the TC are publicly archived and can be viewed at

[3] Statements of use

[4] Timeline Summary: