[Openid-specs-ab] acr values

John Bradley ve7jtb at ve7jtb.com
Tue Aug 13 13:48:24 UTC 2013


Sure the nice thing about URI is that people won't confuse http://example.com/auth_level/0 with http://bar.com/auth_level/0 as they may mean completely different things. 

If people want to do interfederation the registry is there to point to the agreed policy. 

In the local case putting a document at the URI to explain the local policy to help developers is a good idea but not required. 


Sent from my iPhone

On 2013-08-12, at 11:11 PM, mike at gluu.org wrote:

> John,
> 
> Nat also made the case to me a while back that ACR could be used for domain or federation level policy. One of the reasons we implemented our own solution was because it was unclear how to use ACR. Perhaps more examples in the documentation would be helpful. Are you proposing that a domain could have an acr value such as "http://example.com/auth_level/0" ?
> 
> - Mike
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2915 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130813/717d96f0/attachment.p7s>


More information about the Openid-specs-ab mailing list