[OpenID] Building on the OpenID PAPE specification

Peter Williams pwilliams at rapattoni.com
Thu Oct 9 20:57:26 UTC 2008


It's been pointed out that one has namespace mechanism for vendor/community-specific policies, and polices are merely defined collection of 1 or more methods/mechanisms.

Using namespaces, we have generic signals in pape. To build a general implementation, one simply ignores the stuff about nist and jisa (unless these are relevant to the configuration of a particular RP.)

If the charter had been better handled, there would have been 2 parts to the PAPE spec: the technical request/response signals (independent of any policy/level framework), and the model authentication policy/level framework and its level mapping between nist/jira.

The pape text does have something SAML2's authRequest protocol for websso doesn't have in its handling of authnContext (a pape-like notion): a level mapping mechanism (rather like canada's policy mapping controls in the X.509 v3 extensions of cross certificates).


-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of SitG Admin
Sent: Thursday, October 09, 2008 1:27 PM
To: Drummond Reed
Cc: general at openid.net
Subject: Re: [OpenID] Building on the OpenID PAPE specification

>A general observation that avoiding the suggestion of specific URIs in a
>spec where such URIs are essential for interoperability in a recipe for
>non-interoperability.

Should that last instance of "in" be read as "is"?

-Shade
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general



More information about the general mailing list