PAPE and NIST level policies.
Martin Paljak
martin at paljak.pri.ee
Tue Nov 25 10:21:17 UTC 2008
Right. I was lazy and google directed me to 1.0-02 as the first
response ...
m.
On 25.11.2008, at 12:03, Nat wrote:
> The proposal on the table has generalized NIST thing, I believe.
>
> As to the upstream hint is concerned, I think it is a good idea but
> it was out of scope of the current WG. It belongs to the future spec
> I guess.
>
> =nat at TOKYO via iPhone
>
> On 2008/11/25, at 18:10, Martin Paljak <martin at paljak.pri.ee> wrote:
>
>> Hi.
>>
>> PAPE responses have the ability to send NIST levels used for
>> authentication. It would be useful to add these levels as
>> standardized
>> request policy URLs to the spec so that the RP could send hints on
>> wished authentication strength to the OP.
>>
>> BTW, why is there a specific nist_auth_level parameter which is
>> directly tied to one standards institute yet the 'core' of PAPE,
>> policies, don't really define anything except vague 'policies to be
>> specified elsewhere' ?
>>
>>
>> --
>> Martin Paljak
>> http://martin.paljak.pri.ee
>> +372.515.6495
>>
>>
>>
>>
>> _______________________________________________
>> specs mailing list
>> specs at openid.net
>> http://openid.net/mailman/listinfo/specs
--
Martin Paljak
http://martin.paljak.pri.ee
+372.515.6495
More information about the specs
mailing list