[OpenID] Assertion Quality Extension => openid.importance

Martin Atkins mart at degeneration.co.uk
Tue Dec 12 19:35:59 UTC 2006


Manger, James H wrote:
> 
> The user-centric solution is not for the RP to specify a max auth age (or captcha or email verification or handbio or hardotp…), but for the RP to indicate the importance of the authentication. The user (with a little help from their OP) decides how to react (e.g. whether or not to log in again) based on the importance/RP/auth-age/….
> 

I like this approach a lot more. It seems a lot more honest as to what's 
really going on, and it leaves the task of protecting the user's interests 
in the IdP's hands where it belongs.





