OpenID Provider Authentication Policy Extension

Recordon, David drecordon at verisign.com
Fri Jun 22 16:46:27 UTC 2007


Over the past few weeks I've been working on the OpenID Provider
Authentication Policy Extension which is designed to replace the work I
did last year with the Assertion Quality Extension.

Generally, the goal of this extension is to provide Relying Parties with
more information about how the End User authenticated to their Provider.
This is done by a mix of the RP requesting certain policies (such as
phishing-resistant or multi-factor), the OP helping the End User through
the authentication process, and then in the OpenID Authentication
response including the policies that were met as well as optionally a
strength level for the overall authentication.

This extension doesn't speak at all toward trust of the End User or
Provider, so RPs will still have to decide if they believe the
information returned about the authentication in the response.

So please, check it out and let me know what you think...especially
around the questions in the Editorial Comments section at the end.

http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.html
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-01.txt

Thanks,
--David
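
An added example, not part of the original post or of the draft it announces: a Relying Party-side check that the policies it requested were actually reported as met, that the report is covered by the response signature, and that the reporting OP is one the RP has chosen to believe. The namespace, parameter names and policy URIs follow the later published PAPE 1.0 and are assumptions relative to draft 01; the OP endpoint, allowlist and function names are hypothetical, and the signature itself is assumed to have been verified already by the RP's OpenID library.

```python
from urllib.parse import parse_qsl, urlencode

# Identifiers as published in PAPE 1.0 (assumed; draft 01 may differ).
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
PHISHING_RESISTANT = "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant"
MULTI_FACTOR = "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
TRUSTED_OPS = {"https://op.example/endpoint"}  # hypothetical RP-side allowlist

def check_policies(query, required, trusted_ops=TRUSTED_OPS):
    """Return (ok, reason) for a positive assertion whose signature the
    RP's OpenID library has already verified (assumed, not done here)."""
    params = dict(parse_qsl(query, keep_blank_values=True))
    # The extension says nothing about trust in the OP: that is RP policy.
    if params.get("openid.op_endpoint") not in trusted_ops:
        return False, "OP not trusted for authentication claims"
    # The OP chooses the alias, so look it up by namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False, "no PAPE data in response"
    # Unsigned extension fields could have been added in transit.
    signed = set(params.get("openid.signed", "").split(","))
    if not {f"ns.{alias}", f"{alias}.auth_policies"} <= signed:
        return False, "PAPE fields not covered by signature"
    met = set(params.get(f"openid.{alias}.auth_policies", "").split())
    missing = sorted(set(required) - met)
    if missing:
        return False, "policies not met: " + " ".join(missing)
    return True, "ok"

def sample_response(policies, signed, op="https://op.example/endpoint"):
    """Constructed response query string, for demonstration only."""
    return urlencode({
        "openid.mode": "id_res",
        "openid.op_endpoint": op,
        "openid.ns.pape": PAPE_NS,
        "openid.pape.auth_policies": " ".join(policies),
        "openid.signed": ",".join(signed),
    })

if __name__ == "__main__":
    q = sample_response([MULTI_FACTOR], ["op_endpoint", "ns.pape", "pape.auth_policies"])
    print(check_policies(q, [PHISHING_RESISTANT, MULTI_FACTOR]))
```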
