[OpenID] Initial thoughts on OpenID
Eric Norman
ejnorman at doit.wisc.edu
Tue Jul 10 12:12:58 UTC 2007
On Jul 10, 2007, at 5:05 AM, =nat wrote:
> Now, coming to the topic of this "classified OPs", I would rather like
> to think of it as the AQ and Reputation issue.
> To me, Assertion Quality is defined by "Enrollment Quality",
> "Authentication Quality", and "Operational Quality of OP".
> AQE has the first two (though I would like to add several more
> enrollment properties: oob is too broad. I would like to see something
> like In-Person-with-photo-id etc. added.) . The last one can be taken
> care of by Reputation (and audit).
It's always worthwhile to consult the literature and see what others
have done. For instance NIST has done a lot of work in the area. Of
particular relevance to this topic is Special Publication 800-63.
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Eric Norman
http://ejnorman.blogspot.com
More information about the general
mailing list