PAPE Extension Specification (part 2)
David Recordon
drecordon at sixapart.com
Mon Oct 22 21:54:39 UTC 2007
On Oct 9, 2007, at 10:08 AM, Jonathan Daugherty wrote:
> Hi all,
>
> Here are a few more items.
>
> Section 5.1
>
> - The spec doesn't specify what should be done in the absence of
> max_auth_age in a PAPE request. I could assume, but it would be
> easy enough to specify, say, that the OP is to authenticate the
> user at its own discretion.
Works for me. http://svn.openid.net/diff.php?repname=specifications&path=%2Fprovider_authentication_policy_extension%2F1.0%2Ftrunk%2Fopenid-provider-authentication-policy-extension-1_0.xml&rev=372&sc=1
>
> - In my opinion, the third paragraph for max_auth_age (beginning
> "The OP should realize") is implicit. I think it should be
> removed.
I could be convinced either way. Personally I lean toward leaving it
since it provides additional context as to the parameter. All of
PAPE is a negotiation dance between the RP and OP, so also inferring
that an RP may or may not choose to deny access to the user is important.
>
> - The preferred_auth_policies specification claims, "If multiple
> policies are requested, the OP SHALL try to satisfy as many as it
> can." In terms of language strength, "SHALL try" is an oxymoron.
> Can we change this to "If multiple policies are requested, the OP
> SHOULD satisfy as many as possible"?
Good catch. http://svn.openid.net/diff.php?repname=specifications&path=%2Fprovider_authentication_policy_extension%2F1.0%2Ftrunk%2Fopenid-provider-authentication-policy-extension-1_0.xml&rev=372&sc=1
>
> - The preferred_auth_policies specification also states that "If no
> policies are requested, the RP is interested in other information
> such as the authentication age." I think that is speculative and
> should be removed. If it isn't removed, I think it should be
> moved to a section discussing the protocol flow more generally.
>
I've moved it down under the "Value:" line which is where most other
notes are. If there is somewhere else to put it entirely that is
good too. Been trying to augment the parameters with a note so that
it is easy to get context all in one place.
http://svn.openid.net/diff.php?repname=specifications&path=%2Fprovider_authentication_policy_extension%2F1.0%2Ftrunk%2Fopenid-provider-authentication-policy-extension-1_0.xml&rev=374&sc=1
Thanks,
--David
> Thanks,
>
> --
> Jonathan Daugherty
> JanRain, Inc.
> irc.freenode.net: cygnus in #openid
> cygnus.myopenid.com
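An added example, not part of the original thread or of the specification: one way an OP could apply the three points discussed above (absent max_auth_age, satisfying as many requested policies as possible, and a request with no policies). The function names are hypothetical, the namespace and policy URIs are those of the published PAPE 1.0 specification, and both "absent means no forced re-authentication" and "malformed means re-authenticate" are assumptions about OP policy.

```python
import re
from urllib.parse import parse_qs, urlencode

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
POLICY = "http://schemas.openid.net/pape/policies/2007/06/"

def pape_args(query):
    """Return the request's PAPE arguments, whatever alias the RP bound to the namespace."""
    params = {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == PAPE_NS:
            prefix = "openid." + key[len("openid.ns."):] + "."
            return {k[len(prefix):]: v for k, v in params.items() if k.startswith(prefix)}
    return None  # request carries no PAPE extension

def evaluate(query, last_auth_time, session_policies, now):
    """OP-side decision for one request (hypothetical helper).

    last_auth_time / now: epoch seconds; session_policies: set of policy URIs
    the user's current authentication satisfied.
    """
    args = pape_args(query)
    if args is None:
        return None
    raw_age = args.get("max_auth_age")
    if raw_age is None:
        reauth = False  # absent: left to the OP's discretion; here, no forced re-auth
    elif re.fullmatch(r"[0-9]+", raw_age):
        reauth = now - last_auth_time > int(raw_age)
    else:
        reauth = True   # malformed value: assumption, fail closed
    # Space-separated policy URIs; none requested means only the age matters.
    requested = args.get("preferred_auth_policies", "").split()
    return {
        "reauthenticate": reauth,
        "satisfied": [p for p in requested if p in session_policies],
        "unmet": [p for p in requested if p not in session_policies],
    }

# Constructed sample request, not taken from the thread.
SAMPLE = urlencode({
    "openid.ns.pape": PAPE_NS,
    "openid.pape.max_auth_age": "3600",
    "openid.pape.preferred_auth_policies": POLICY + "phishing-resistant " + POLICY + "multi-factor",
})

if __name__ == "__main__":
    print(evaluate(SAMPLE, last_auth_time=5000, session_policies={POLICY + "multi-factor"}, now=10000))
```

The "unmet" list is what the RP side of the negotiation needs: the RP, not the OP, decides whether a partially satisfied request is enough to grant access.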