[OpenID] OpenID Book draft version available for download

Peter Williams pwilliams at rapattoni.com
Sun Jul 29 18:01:03 UTC 2007


Hans:

Enjoy:-
http://www.rsa.com/node.aspx?id=1313

The underlying OTAR-style (over the air rekey) "provisioning" protocol
is at
http://www1.ietf.org/mail-archive/web/ietf-announce/current/msg03203.html
Rapattoni's major competitor discusses their variant at
http://www.clareitysecurity.com/solutions-safemls-authenticators.cfm
The OpenID assumption still stands, note. An OTP (from some container or
other) allows the human to complete user auth to an IDP. Once that IDP
supports an OP, OpenID Auth converts strong auth claims into a claimset,
along with registration-type attributes.

The release of attributes of any kind is subject to "policy
decision/enforcement point" behavior, depending on the semantics of the
claim-making protocol. (1) OpenID has policy-decision/enforcement
semantics built in. (2) SAML1.x delegates to an XACML-aware binding.
SAML2 uses comsec controls to apply the writer-to-reader doctrine (i.e.
encrypt the attributes on the wire, where key management controls
assure that only intended recipients can release the cleartext(s)).

OTP values from "connected tokens" require more of token-passing
architectures when... as the underlying strong authentication is
"continuous", the protocol must emulate "continuous token-making" by
some means.
For example, see http://www.ietf.org/rfc/rfc4793.txt
-----Original Message-----
From: hans at granqvist.com [mailto:hans at granqvist.com] On Behalf Of Hans
Granqvist
Sent: Sunday, July 29, 2007 10:23 AM
To: general at openid.net
Cc: Peter Williams
Subject: Re: [OpenID] OpenID Book draft version available for download

Hi Peter

> ...
> Realty is already making advanced use of OTPs generated on smartphone
> applets; removing the notion of carrying around multiple little key
> fobs.

Do you have pointers to more info?

Thanks,
Hans