Peter Williams wrote:
> is it openid1 or openid2?
> if it's openid2, what is the "pape" value that a relying party can
> request, to ensure that it's a "trustbearer" authentication between
> user/device and the OP?
> is trustbearer mechanism of user auth actually a. SSL client cert auth,
> using a cert on the device? b. 7816 authentication? c. ICC proprietary
> authentication (e.g. GlobalPlatform), or something else?

OpenID 1 and 2 capable

We respond that it's level 4 due to the hardware token involved + policies demarking
phishing protection, multi-factor & multi-factor physical.

User auth is being performed using challenge-response based on the certificate from the
token. Pre-registration is necessary since effectively, only the public key is used for
our setup.
--
Thomas Harning @ TrustBearer Labs (http://www.trustbearer.com)
Secure OpenID: https://openid.trustbearer.com/harningt
3201 Stellhorn Road 260-399-1656
Fort Wayne, IN 46815
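
Added example, not part of the original message and not TrustBearer's code: how a relying party could request the three policies named above and confirm NIST level 4 in the OP's answer. It assumes the PAPE 1.0 parameter names and that the assertion signature was already verified by the OpenID library; the function names and the sample response are constructed for illustration.

```python
# Added example; function names are illustrative, not from any OpenID library.
from urllib.parse import parse_qsl, urlencode

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
NIST_NS = "http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf"
BASE = "http://schemas.openid.net/pape/policies/2007/06/"
REQUIRED = {BASE + p for p in
            ("phishing-resistant", "multi-factor", "multi-factor-physical")}

def pape_request_params():
    """PAPE fields the RP appends to its OpenID 2 authentication request."""
    return {"openid.ns.pape": PAPE_NS,
            "openid.pape.preferred_auth_policies": " ".join(sorted(REQUIRED)),
            "openid.pape.auth_level.ns.nist": NIST_NS,
            "openid.pape.preferred_auth_level_types": "nist"}

def check_pape_response(query, min_nist_level=4):
    """Return (ok, reason). Assumes the OpenID library has already verified
    the assertion signature; this only checks what the OP asserted."""
    fields = dict(parse_qsl(query, keep_blank_values=True))
    signed = set(fields.get("openid.signed", "").split(","))

    def signed_items(prefix):
        # Only fields listed in openid.signed are covered by the OP's signature.
        return {k[len(prefix):]: v for k, v in fields.items()
                if k.startswith(prefix) and k[len("openid."):] in signed}

    # The OP picks its own alias, so find PAPE by namespace URI, not by name.
    alias = next((a for a, ns in signed_items("openid.ns.").items()
                  if ns == PAPE_NS), None)
    if alias is None:
        return False, "no signed PAPE response"
    pape = signed_items("openid.%s." % alias)
    missing = REQUIRED - set(pape.get("auth_policies", "").split())
    if missing:
        return False, "policy not asserted: " + sorted(missing)[0][len(BASE):]
    level_alias = next((k[len("auth_level.ns."):] for k, v in pape.items()
                        if k.startswith("auth_level.ns.") and v == NIST_NS), None)
    level = pape.get("auth_level.%s" % level_alias, "")
    if not level.isdigit() or int(level) < min_nist_level:
        return False, "NIST level below %d" % min_nist_level
    return True, "ok"

def sample_response(policies, nist_level, alias="pape"):
    """Constructed id_res fragment for demonstration (not real OP output)."""
    f = {"ns." + alias: PAPE_NS, alias + ".auth_policies": " ".join(policies),
         alias + ".auth_level.ns.n": NIST_NS, alias + ".auth_level.n": nist_level}
    f["signed"] = ",".join(f)
    return urlencode({"openid." + k: v for k, v in f.items()})
```

A relying party that only looks for the literal key `openid.pape.auth_policies`, or that ignores `openid.signed`, can be satisfied by fields the OP never vouched for.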