PAPE and NIST level policies.
martin at paljak.pri.ee
Tue Nov 25 09:10:13 UTC 2008
PAPE responses have the ability to send NIST levels used for
authentication. It would be useful to add these levels as standardized
request policy URLs to the spec so that the RP could send hints on
wished authentication strength to the OP.
BTW, why is there a specific nist_auth_level parameter which is
directly tied to one standards institute yet the 'core' of PAPE,
policies, don't really define anything except vague 'policies to be
specified elsewhere' ?
More information about the specs