OTPtokensid - Infinite Lexicon - Infinite Lexicon

OTPtokensid

OTPtokensid is a proposed open standard for representing and exchanging one-time password credentials as digital identifiers within identity and access management systems. It defines a unified data model and lifecycle for OTP tokens that can be issued to users and used by both hardware tokens and software authenticators to prove possession of a secret.

Core to OTPtokensid is a token object with fields such as token_id, user_id, issuer, secret_key (encrypted), type

Verification workflows enable an OTP to be validated by a central service or edge verifiers, using cryptographic

Security and privacy considerations include risks such as secret_key leakage, device compromise, phishing, and replay attacks.

Status and adoption: OTPtokensid remains a proposal within identity technology communities, with some prototype work and

challenge-response),

provisioning_uri,

creation_timestamp,

interoperability

phishing-resistant

hardware-backed

privacy-conscious

standardization

interoperability,