Question about PAPE

Bajaj, Siddharth sbajaj at verisign.com
Fri Oct 12 22:36:02 UTC 2007


Hi David,

I have a quick question about the PAPE draft specification. In the
response parameters, you can set a parameter called
'openid.pape.nist_auth_level'.

There is a section 7.1.2 that describes the parameter and in the last
table the spec maps some of the common authentication technologies to
the NIST levels.

Now for example, let's take an OTP hardware token, which satisfies the
requirements for Levels 1, 2, and 3. So, should the OP set the value of
the parameter to the highest level that it satisfies (in this case 3) or
does the OP individually list all the auth levels it meets (in this case
<1,2,3>)? This is not clear from the table or the spec. Given that the
Barcelona interop is coming up, can you clarify?

Also, the NIST levels typically take into account the authentication
credential as well as id proofing. I'm guessing that for the purposes of
PAPE we are ignoring the initial ID vetting/id proofing requirements.

Thanks,

Siddharth




