[specs-pape] Proposed PAPE Addendum for Authentication Mechanisms (PAPE-AM)

[Bajaj, Siddharth]

To the PAPE Working Group: 
 
Please find a draft called 'Provider Authentication Policy Extension -
Authentication Mechansims (PAPE-AM)'. This addendum is intended to
extend the policies supported by the existing PAPE specification.
PAPE-AM enables OpenID providers to provide more granular policies and
information to the Relying Parties. 
 
For example, Relying Parties will be able to request that the end user
authenticate to the OpenID Provider using certain forms of credentials
such as a digital certificate on smart card issued by a particular
organization, an OTP token, or that OpenID users be authenticated to the
provider under other certain specific security-related conditions. 
 
Specifically, this addendum currently covers four areas which relate to
the assurance of an authentication against the OpenID provider. Three of
these areas govern the actual authentication process and method: PKI,
OTP, and password. An additional category governs the channel security
used in the connection which established the authenticated session.
 
The authors have deliberated on each of the attributes below and have
tried to keep a sensible balance between simplicity and functionality.
They identify some use cases where such granular control would be
beneficial to the Relying Parties. 
 
The authors want to submit this work to the PAPE WG for consideration to
be included in the PAPE specification or as appropriate. 
 
Thank you for your consideration, 
 
Taylor Venable, Brian Kelly, Mingliang Pei, Siddharth Bajaj & Daniel
Perry. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/specs-pape/attachments/20080929/688ddd87/attachment-0001.htm 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://openid.net/pipermail/specs-pape/attachments/20080929/688ddd87/attachment-0001.html