<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
and wrt the 'standards' for what goes in the PAPE extension, look at<br>
<br>
<a class="moz-txt-link-freetext" href="http://openidentityexchange.org/">http://openidentityexchange.org/</a> and<br>
<br>
<a class="moz-txt-link-freetext" href="http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program">http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program</a><br>
<br>
On 16/08/2010 2:22 AM, David Recordon wrote:
<blockquote
cite="mid:AANLkTi=Losojk51dvH-kWKPiEr0YH22vRQ5-wX58bg9F@mail.gmail.com"
type="cite">
<pre wrap="">Hey Dennis, take a look at the Provider Authentication Policy Exchange
extension as it's meant to provide some of this sort of information.
It is a bit more abstract then what you're describing, but has been
used successfully for similar needs
<a class="moz-txt-link-freetext" href="http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html">http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html</a>
--David
On Sun, Aug 15, 2010 at 10:08 PM, Dennis Gearon <a class="moz-txt-link-rfc2396E" href="mailto:gearond@sbcglobal.net"><gearond@sbcglobal.net></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I would like to hear some small discussion on an idea/request that I have for the openID spec.
When validating with an openID source/server (not uup to speed on architecture of openID yet), part of what gets returned is the following data:
A/ A standardized authentication-difficulty rating from the site validating the user. I.E., If my password at yahoo is only 6 characters long, and Yahoo accepts it, yahoo still runs an openID lib procedure against the password when it's created and some standard values get returned, i.e.:
weak
OK
strong
exceptional.
B/ A second field saying whether multiple tokens were used, such as:
one time pad rotating code key fobs
password and drop of blood
password and handprint
et. al.
OR, it could send a value saying it meets certain standards out there, if there are any. Maybe setting standards would be a good idea!!! I bet the military has some. Apparently, congressmen and others aren't required to use them on their email/social site accounts ;-)
Dennis Gearon
Signature Warning
----------------
EARTH has a Right To Life,
otherwise we all die.
Read 'Hot, Flat, and Crowded'
Laugh at <a class="moz-txt-link-freetext" href="http://www.yert.com/film.php">http://www.yert.com/film.php</a>
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
<pre wrap="">_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a></pre>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
No virus found in this incoming message.
Checked by AVG - <a class="moz-txt-link-abbreviated" href="http://www.avg.com">www.avg.com</a>
Version: 9.0.851 / Virus Database: 271.1.1/3074 - Release Date: 08/15/10 14:35:00
</pre>
</blockquote>
</body>
</html>