[OpenID] OpenID Provider Authentication Policy Extension 1.0 - Draft 2

Prabath Siriwardena siriwardena.prabath at gmail.com
Wed Mar 5 09:23:06 UTC 2008


Hi;

As per the OpenID Provider Authentication Policy Extension 1.0 - Draft 2 [1];

"openid.pape.preferred_auth_policies :

Zero or more authentication policy URIs that the OP SHOULD conform to
when authenticating the user. If multiple policies are requested, the
OP SHOULD satisfy as many as it can.
If no policies are requested, the RP may be interested in other
information such as the authentication age. "


Also, as per the spec, there are three main policy types, and there can
be cases where the OP does not support any of those [for example, if it
only uses username/password].

Also, before sending the PAPE response, the OP has to authenticate the user.

In the above case [where the OP does not support any of the requested
authentication policies], how should the OP authenticate the user?

Thoughts?

Thanks & regards.

- Prabath

[1]: http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-02.html


