PAPE and NIST level policies.

Nat sakimura at
Tue Nov 25 10:03:00 UTC 2008

The proposal on the table has generalized NIST thing, I believe.

As to the upstream hint is concerned, I think it is a good idea but it  
was out of scope of the current WG. It belongs to the future spec I  

=nat at TOKYO via iPhone

On 2008/11/25, at 18:10, Martin Paljak <martin at> wrote:

> Hi.
> PAPE responses have the ability to send NIST levels used for
> authentication. It would be useful to add these levels as standardized
> request policy URLs to the spec so that the RP could send hints on
> wished authentication strength to the OP.
> BTW, why is there a specific nist_auth_level parameter which is
> directly tied to one standards institute yet the 'core' of PAPE,
> policies, don't really define anything except vague 'policies to be
> specified elsewhere' ?
> -- 
> Martin Paljak
> +372.515.6495
> _______________________________________________
> specs mailing list
> specs at

More information about the specs mailing list