[OpenID] Building on the OpenID PAPE specification
David Recordon
drecordon at sixapart.com
Mon Oct 6 21:35:45 UTC 2008
Hey Brian,
I'm jumping on a plane so only got a chance to skim this but it seems
like a great post on some additional needs to use OpenID in higher
trust environments. Thanks for taking the time to write up your
thoughts and share them with the community.
--David
---
Sent from my iPhone classic.
On Oct 6, 2008, at 5:29 PM, "Brian Kelly"
<brian.kelly at trustbearer.com> wrote:
> A few months ago, some members from the OATH community and I got
> together to take a fresh look at the PAPE spec, what it was trying to
> accomplish, and how well it could be implemented. We started holding
> semi-weekly conference calls and over the period of a couple months we
> drafted up a slightly new take on PAPE.
>
> The main difference is that we defined a specific set of
> authentication methods, rather than only using high-level policies.
> After long discussions we found that there was too much ambiguity in
> the high-level policies as defined today in PAPE. We created a draft
> of our modified specification, termed PAPE-Authentication Mechanisms
> (PAPE-AM), and we are beginning to socialize the concepts in that
> draft.
>
> I published a blog post summarizing our motivations, and wanted to
> share it with the greater OpenID mailing list.
>
> http://openidtrustbearer.wordpress.com/2008/10/06/building-on-the-openid-pape-specification/
>
> I would appreciate hearing the thoughts of the readers on this mailing
> list. Please respond publicly, or feel free to contact me directly.
>
> Thank you,
> Brian
>
> --
> Brian Kelly
> TrustBearer Labs
> http://trustbearer.com
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the general
mailing list