[OpenID] Initial thoughts on OpenID
Recordon, David
drecordon at verisign.com
Tue Jul 10 22:56:44 UTC 2007
Just as an FYI, PAPE references SP 800-63.
--David
-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Eric Norman
Sent: Tuesday, July 10, 2007 5:13 AM
To: 'OpenID - General'
Subject: Re: [OpenID] Initial thoughts on OpenID
On Jul 10, 2007, at 5:05 AM, =nat wrote:
> Now, coming to the topic of this "classified OPs", I would rather like
> to think of it as the AQ and Reputation issue.
> To me, Assertion Quality is defined by "Enrollment Quality",
> "Authentication Quality", and "Operational Quality of OP".
> AQE has the first two (though I would like to add several more
> enrollment properties: oob is too broad. I would like to see something
> like In-Person-with-photo-id etc. added.) . The last one can be taken
> care of by Reputation (and audit).
It's always worthwhile to consult the literature and see what others have done. For instance NIST has done a lot of work in the area. Of particular relevance to this topic is Special Publication 800-63.
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Eric Norman
http://ejnorman.blogspot.com
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general
More information about the general
mailing list