Getting authentication strength when accepting OpenID
John Bradley
john.bradley at wingaa.com
Mon Aug 16 15:15:24 UTC 2010
An example of a real profile that people are certified against is:
http://idmanagement.gov/documents/ICAM_OpenID20Profile.pdf
John B.
On 2010-08-16, at 8:40 AM, Paul Madsen wrote:
> and wrt the 'standards' for what goes in the PAPE extension, look at
>
> http://openidentityexchange.org/ and
>
> http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program
>
> On 16/08/2010 2:22 AM, David Recordon wrote:
>> Hey Dennis, take a look at the Provider Authentication Policy Exchange
>> extension as it's meant to provide some of this sort of information.
>> It is a bit more abstract than what you're describing, but has been
>> used successfully for similar needs.
>>
>>
>> http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html
>>
>>
>> --David
>>
>>
>> On Sun, Aug 15, 2010 at 10:08 PM, Dennis Gearon
>> <gearond at sbcglobal.net>
>> wrote:
>>
>>> I would like to hear some small discussion on an idea/request that I have for the openID spec.
>>>
>>> When validating with an openID source/server (not up to speed on architecture of openID yet), part of what gets returned is the following data:
>>>
>>> A/ A standardized authentication-difficulty rating from the site validating the user. I.E., If my password at yahoo is only 6 characters long, and Yahoo accepts it, yahoo still runs an openID lib procedure against the password when it's created and some standard values get returned, i.e.:
>>>
>>> weak
>>> OK
>>> strong
>>> exceptional.
>>>
>>> B/ A second field saying whether multiple tokens were used, such as:
>>>
>>> one time pad rotating code key fobs
>>> password and drop of blood
>>> password and handprint
>>> et al.
>>>
>>> OR, it could send a value saying it meets certain standards out there, if there are any. Maybe setting standards would be a good idea!!! I bet the military has some. Apparently, congressmen and others aren't required to use them on their email/social site accounts ;-)
>>>
>>>
>>>
>>>
>>> Dennis Gearon
>>>
>>> Signature Warning
>>> ----------------
>>> EARTH has a Right To Life,
>>> otherwise we all die.
>>>
>>> Read 'Hot, Flat, and Crowded'
>>> Laugh at
>>> http://www.yert.com/film.php
>>>
>>>
>>> _______________________________________________
>>> specs mailing list
>>>
>>> specs at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-specs
>>>
>>>
>>>
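
A relying-party check over the PAPE 1.0 response fields mentioned in the thread, as an added example that is not part of the original messages or of any OpenID library. The function names and the sample parameters are constructed for illustration, and it assumes the OpenID library has already verified the assertion signature; the code then only trusts PAPE fields that appear in openid.signed.

```python
from urllib.parse import parse_qs, urlencode

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
POLICY = "http://schemas.openid.net/pape/policies/2007/06/"
MULTI_FACTOR = POLICY + "multi-factor"
PHISHING_RESISTANT = POLICY + "phishing-resistant"
NIST_NS = "http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf"

def pape_claims(query):
    """Extract PAPE claims from a positive assertion, trusting signed fields only."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    signed = set(params.get("openid.signed", "").split(","))
    # The OP picks the extension alias, so locate PAPE by its namespace URI.
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None or "ns." + alias not in signed:
        return None

    def field(name):
        key = alias + "." + name
        return params.get("openid." + key) if key in signed else None

    levels = {}
    prefix = "openid." + alias + ".auth_level.ns."
    for key, uri in params.items():
        if key.startswith(prefix) and key[len("openid."):] in signed:
            levels[uri] = field("auth_level." + key[len(prefix):])
    return {"policies": set((field("auth_policies") or "").split()),
            "auth_time": field("auth_time"), "levels": levels}

def meets_requirement(query, required_policy, min_nist_level):
    """True only if the OP asserted the policy and a sufficient NIST level."""
    claims = pape_claims(query)
    if claims is None or required_policy not in claims["policies"]:
        return False
    level = claims["levels"].get(NIST_NS)
    return level is not None and level.isdigit() and int(level) >= min_nist_level

def sample(signed):
    """Constructed response parameters (not from a real OP)."""
    return urlencode({
        "openid.ns.pape": PAPE_NS,
        "openid.pape.auth_policies": MULTI_FACTOR + " " + PHISHING_RESISTANT,
        "openid.pape.auth_time": "2010-08-16T15:00:00Z",
        "openid.pape.auth_level.ns.nist": NIST_NS,
        "openid.pape.auth_level.nist": "3",
        "openid.signed": signed,
    })
```

The PAPE values are the provider's own assertion, so the relying party still has to decide which providers it trusts to make them, which is what the certification programs linked in the thread address.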