PAPE and NIST level policies.

[Martin Paljak]

Hi.

PAPE responses have the ability to send NIST levels used for  
authentication. It would be useful to add these levels as standardized  
request policy URLs to the spec so that the RP could send hints on  
wished authentication strength to the OP.

BTW, why is there a specific nist_auth_level parameter which is  
directly tied to one standards institute yet the 'core' of PAPE,  
policies, don't really define anything except vague 'policies to be  
specified elsewhere' ?


-- 
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495