[OpenID] PAPE and the Authentication Policies
Christoph Eunicke
christoph at eunicke.de
Sat Aug 9 09:21:12 UTC 2008
Hy,
the PAPE-Spec [1] defines three authentication policies and states that
"additional policies can be specified elsewhere and used without making
changes to this document. The policies described below are designed to
be a starting point to cover the most common use-cases. Additional
polices can be found at http://schemas.openid.net/pape/policies/."
Since implementing theses policies requires changing my Provider AND the
RP-Code (for a start there is no webservice or such like that tells you
the relationship between the policies), I was wondering if anyone has
already seen any peace of code that supports more than these three.
Also since the addition of a policy would require to change both
(Provivder and RP), I don't see how additional policies could spread
out. Why should my RP request the additional policy
"using-a-blue-keyboard" if I already know that the only OP in the world
that supports this policy is the one I've written.
To me this seems like a great way to break interoperability and support
the creation of local dialects instead of a sound specification.
Anyone has any thoughts on this?
Regards,
Christoph Eunicke
[1]
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-02.html
--
Christoph Eunicke
Computer Networks and Internet
Wilhelm Schickard Institute for Computer Science
University of Tuebingen, 72076 Tuebingen, Germany
More information about the general
mailing list