I am keen for the RP to identify itself when it performs discovery – and I
would love this feature to be in 2.0 before it is finalized.
The proposal is very simple (to describe and to implement):
RPs add a “From:” HTTP header field to HTTP requests made during the discovery
phase.
The underlyin
Begin forwarded message:
> From: David Recordon <[EMAIL PROTECTED]>
> Date: October 23, 2007 4:39:23 PM PDT
> To: OpenID List <[EMAIL PROTECTED]>
> Subject: [OpenID] Provider Assertion Policy Extension Draft 2
> Published
> Reply-To: [EMAIL PROTECTED]
>
> Hey all,
> Draft 2 of PAPE has now bee
On 23-Oct-07, at 2:58 PM, David Recordon wrote:
> Cool, committed.
Great, thanks!
> We ready to publish Draft 2?
Yes; the only outstanding issue (from my point of view, which I
suppose will have to wait for draft 3), is clarifying 'active
authentication' means.
Johnny
__
Cool, committed.
http://svn.openid.net/diff.php?repname=specifications&path=%
2Fprovider_authentication_policy_extension%2F1.0%2Ftrunk%2Fopenid-
provider-authentication-policy-extension-1_0.xml&rev=378&sc=1
We ready to publish Draft 2?
--David
On Oct 23, 2007, at 2:46 PM, Barry Ferg wrote:
>
I see both sides of this. At the end of the day the RP is ultimately
making the decision as to if the user can proceed or not. Just as in
SREG if the RP says email is required and the user/OP choose not to
provide it, the RP still has to decide what to do.
I do agree that it is easier on a
I see no need to rush OpenID 2.0 if the parties involved here on this
mailing list can't even commit to not sue each other. Seems like a
no-brainer to me.
Yes, maybe some third-party has a patent and can assert it later, but
let's at least say amongst ourselves, in the form of an IPR policy,
that
+ [...] For example it is recommended that if the OP
+specified the Multi-Factor Physical Authentication policy
and the RP
+requested the Multi-Factor Authentication policy, that the RP's
+requirements were met.
This puts undue requirements on the RP implementati
Recently saw a demo of Vidoop and think there approach rocks. Was
curious if there is an opportunity to express an authentication strength
and style as an attribute to be consumed by the relying party.
*
This communication,