PAPE and NIST level policies.
sakimura at gmail.com
Tue Nov 25 10:03:00 UTC 2008
The proposal on the table has generalized NIST thing, I believe.
As to the upstream hint is concerned, I think it is a good idea but it
was out of scope of the current WG. It belongs to the future spec I
=nat at TOKYO via iPhone
On 2008/11/25, at 18:10, Martin Paljak <martin at paljak.pri.ee> wrote:
> PAPE responses have the ability to send NIST levels used for
> authentication. It would be useful to add these levels as standardized
> request policy URLs to the spec so that the RP could send hints on
> wished authentication strength to the OP.
> BTW, why is there a specific nist_auth_level parameter which is
> directly tied to one standards institute yet the 'core' of PAPE,
> policies, don't really define anything except vague 'policies to be
> specified elsewhere' ?
> Martin Paljak
> specs mailing list
> specs at openid.net
More information about the specs