PAPE Extension Specification
Johnny Bufu
johnny at sxip.com
Thu Oct 11 16:33:16 UTC 2007
On 8-Oct-07, at 4:56 PM, Jonathan Daugherty wrote:
> # Yep, the idea is for the PAPE spec to define a few generic and
> # agreed upon policies and then RPs and OPs can create others. Thus
> # if there isn't agreement on a policy, there would be multiple policy
> # URIs. Same concept as in Attribute Exchange.
>
> Using policy URIs to indicate certain modes of authentication is a
> fine idea, but that doesn't really address the original issue: the
> spec does not define "active" ("direct") authentication.
Agreed. PAPE spec should define one such policy that's acceptable for
most of the OPs/RPs (and tie auth_age to it), leaving the possibility
open for anyone to define other similar policies.

This could be a bit tricky to specify if there's another parameter
involved, but we should be able to come up with a solution.

Johnny