PAPE and NIST level policies.
martin at paljak.pri.ee
Tue Nov 25 10:21:17 UTC 2008
Right. I was lazy and google directed me to 1.0-02 as the first
On 25.11.2008, at 12:03, Nat wrote:
> The proposal on the table has generalized NIST thing, I believe.
> As to the upstream hint is concerned, I think it is a good idea but
> it was out of scope of the current WG. It belongs to the future spec
> I guess.
> =nat at TOKYO via iPhone
> On 2008/11/25, at 18:10, Martin Paljak <martin at paljak.pri.ee> wrote:
>> PAPE responses have the ability to send NIST levels used for
>> authentication. It would be useful to add these levels as
>> request policy URLs to the spec so that the RP could send hints on
>> wished authentication strength to the OP.
>> BTW, why is there a specific nist_auth_level parameter which is
>> directly tied to one standards institute yet the 'core' of PAPE,
>> policies, don't really define anything except vague 'policies to be
>> specified elsewhere' ?
>> Martin Paljak
>> specs mailing list
>> specs at openid.net
More information about the specs