Hi David, your extension is an authentication policy declaration from
the user to the RP.
PAPE allows the RP to declare its authentication policy to the OP (and
vice versa).
I wonder if there is an opportunity for convergence?
Or at minimum a naming scheme that hilites the commonality .. UAPE
:-)
paul
David Fuelling wrote:
For anyone interested, I've put out a 2nd draft of my
OP-MultiAuth idea. I think the first draft was pretty confusing, so
hopefully this clarifies things a bit more.
Wiki Page: http://wiki.openid.net/OP-MultiAuth
Actual Draft: http://wiki.openid.net/f/openid-provider-multiauth-extension-1_0-2.html
In a nutshell, the idea here is to protect end-users against a "rogue
OP" by providing a mechanism for a Claimed Identifier to mandate that
an RP get valid auth assertions from two or more different OP's before
giving access to RP-protected resources.
Thanks!
David
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
No virus found in this incoming message.
Checked by AVG.
Version: 7.5.552 / Virus Database: 270.10.8/1899 - Release Date: 17/01/2009 5:50 PM
--
Paul Madsen
e:paulmadsen @ ntt-at.com
p:613-482-0432
m:613-282-8647
web:connectid.blogspot.com
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs