[OpenID] [SPAM]Re: Phishing resistant policy of PAPE
Peter Williams
pwilliams at rapattoni.com
Tue Oct 28 18:56:14 UTC 2008
"authentication mechanism" is not defined by OpenID , and is not half-cited until the discussion of NIST authentication mechanism levels (which is "merely an option these days" in PAPE handling).
should it be "authentication method"?
The table inA.1.1 has column entitled method, note - and AM is OpenID-defined, furthermore.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Paul Madsen
Sent: Tuesday, October 28, 2008 11:09 AM
To: Shishir
Cc: Rob Johnson; Michael Hart; general at openid.net; Santosh Subramanian
Subject: [SPAM]Re: [OpenID] Phishing resistant policy of PAPE
FYI, PAPE 1.0-07 (the version under public review) [1] no longer defines the phishing resistant policy in this manner.
Instead
"An authentication mechanism where a party potentially under the control of the Relying Party can not gain sufficient information to be able to successfully authenticate to the End User's OpenID Provider as if that party were the End User."
[cid:image001.gif at 01C938F4.18C7E920]<http://feeds.feedburner.com/%7Er/blogspot/gMwy/%7E6/1>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081028/5a88858c/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 10551 bytes
Desc: image001.gif
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081028/5a88858c/attachment-0002.gif>
More information about the general
mailing list