[OpenID] PAPE and the Authentication Policies
Dick Hardt
dick at sxip.com
Sat Aug 9 17:53:56 UTC 2008
On 9-Aug-08, at 3:59 AM, Anders Feder wrote:
> lør, 09 08 2008 kl. 11:21 +0200, skrev Christoph Eunicke:
>> Also since the addition of a policy would require to change both
>> (Provivder and RP), I don't see how additional policies could spread
>> out. Why should my RP request the additional policy
>> "using-a-blue-keyboard" if I already know that the only OP in the
>> world
>> that supports this policy is the one I've written.
>
> I'm not involved in the development of these standards, but the idea
> would be that a community of OpenID nodes with common security
> interests
> (say, a group of banks or a group of government agencies running both
> RP's and OP's) would be able to agree on a policy together and
> implement
> it swiftly among themselves, without having to go through a lengthy
> OpenID standards process. The alternative for these users in many
> cases
> would be dropping OpenID altogether, which would be even worse in
> terms
> of fragmentation.
That is EXACTLY the idea Anders. Similarly for Attribute Exchange.
A community can gather independent of the rest of the OpenID community
and decide how things will work. Avoids having to get everyone to
agree on schemas. The size of a community could just be two parties.
-- Dick
More information about the general
mailing list