[OpenID] PAPE and the Authentication Policies
Paul Madsen
paulmadsen at rogers.com
Mon Aug 11 10:50:32 UTC 2008
FWIW, this is how SAML's mechanism for extending Authentication Context
works as well - an 'approved' list of class URIs can be extended by any
community that feels the list doesn't address their requirements.
paul
Dick Hardt wrote:
> On 9-Aug-08, at 3:59 AM, Anders Feder wrote:
>
>
>> Sat, 09 08 2008 at 11:21 +0200, Christoph Eunicke wrote:
>>
>>> Also since the addition of a policy would require to change both
>>> (Provider and RP), I don't see how additional policies could spread
>>> out. Why should my RP request the additional policy
>>> "using-a-blue-keyboard" if I already know that the only OP in the
>>> world that supports this policy is the one I've written?
>>>
>> I'm not involved in the development of these standards, but the idea
>> would be that a community of OpenID nodes with common security
>> interests (say, a group of banks or a group of government agencies
>> running both RP's and OP's) would be able to agree on a policy
>> together and implement it swiftly among themselves, without having to
>> go through a lengthy OpenID standards process. The alternative for
>> these users in many cases would be dropping OpenID altogether, which
>> would be even worse in terms of fragmentation.
>>
>
> That is EXACTLY the idea Anders. Similarly for Attribute Exchange.
>
> A community can gather independent of the rest of the OpenID community
> and decide how things will work. Avoids having to get everyone to
> agree on schemas. The size of a community could just be two parties.
>
> -- Dick
>
--
Paul Madsen e:paulmadsen @ ntt-at.com
NTT p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com