I would like to hear some small discussion on an idea/request that I have for the openID spec.
When validating with an openID source/server (not uup to speed on architecture of openID yet), part of what gets returned is the following data: A/ A standardized authentication-difficulty rating from the site validating the user. I.E., If my password at yahoo is only 6 characters long, and Yahoo accepts it, yahoo still runs an openID lib procedure against the password when it's created and some standard values get returned, i.e.: weak OK strong exceptional. B/ A second field saying whether multiple tokens were used, such as: one time pad rotating code key fobs password and drop of blood password and handprint et. al. OR, it could send a value saying it meets certain standards out there, if there are any. Maybe setting standards would be a good idea!!! I bet the military has some. Apparently, congressmen and others aren't required to use them on their email/social site accounts ;-) Dennis Gearon Signature Warning ---------------- EARTH has a Right To Life, otherwise we all die. Read 'Hot, Flat, and Crowded' Laugh at http://www.yert.com/film.php _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
