PAPE and NIST level policies.
Nat
sakimura at gmail.com
Tue Nov 25 10:03:00 UTC 2008
The proposal on the table has generalized NIST thing, I believe.
As to the upstream hint is concerned, I think it is a good idea but it
was out of scope of the current WG. It belongs to the future spec I
guess.
=nat at TOKYO via iPhone
On 2008/11/25, at 18:10, Martin Paljak <martin at paljak.pri.ee> wrote:
> Hi.
>
> PAPE responses have the ability to send NIST levels used for
> authentication. It would be useful to add these levels as standardized
> request policy URLs to the spec so that the RP could send hints on
> wished authentication strength to the OP.
>
> BTW, why is there a specific nist_auth_level parameter which is
> directly tied to one standards institute yet the 'core' of PAPE,
> policies, don't really define anything except vague 'policies to be
> specified elsewhere' ?
>
>
> --
> Martin Paljak
> http://martin.paljak.pri.ee
> +372.515.6495
>
>
>
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list