PAPE and NIST level policies.
Martin Paljak
martin at paljak.pri.ee
Tue Nov 25 09:10:13 UTC 2008
Hi.
PAPE responses have the ability to send NIST levels used for
authentication. It would be useful to add these levels as standardized
request policy URLs to the spec so that the RP could send hints on
wished authentication strength to the OP.
BTW, why is there a specific nist_auth_level parameter which is
directly tied to one standards institute yet the 'core' of PAPE,
policies, don't really define anything except vague 'policies to be
specified elsewhere' ?
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495
More information about the specs
mailing list