and wrt the 'standards' for what goes in the PAPE extension, look at
http://openidentityexchange.org/ and http://kantarainitiative.org/confluence/display/certification/Identity+Assurance+Certification+Program On 16/08/2010 2:22 AM, David Recordon wrote:
Hey Dennis, take a look at the Provider Authentication Policy Exchange extension as it's meant to provide some of this sort of information. It is a bit more abstract then what you're describing, but has been used successfully for similar needs http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html --David On Sun, Aug 15, 2010 at 10:08 PM, Dennis Gearon<[email protected]> wrote:I would like to hear some small discussion on an idea/request that I have for the openID spec. When validating with an openID source/server (not uup to speed on architecture of openID yet), part of what gets returned is the following data: A/ A standardized authentication-difficulty rating from the site validating the user. I.E., If my password at yahoo is only 6 characters long, and Yahoo accepts it, yahoo still runs an openID lib procedure against the password when it's created and some standard values get returned, i.e.: weak OK strong exceptional. B/ A second field saying whether multiple tokens were used, such as: one time pad rotating code key fobs password and drop of blood password and handprint et. al. OR, it could send a value saying it meets certain standards out there, if there are any. Maybe setting standards would be a good idea!!! I bet the military has some. Apparently, congressmen and others aren't required to use them on their email/social site accounts ;-) Dennis Gearon Signature Warning ---------------- EARTH has a Right To Life, otherwise we all die. Read 'Hot, Flat, and Crowded' Laugh at http://www.yert.com/film.php _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs No virus found in this incoming message. Checked by AVG - www.avg.com Version: 9.0.851 / Virus Database: 271.1.1/3074 - Release Date: 08/15/10 14:35:00
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
