5.1
1) Clarified.
2 & 3) Changed the MUST to a SHOULD, since the intent was never to
restrict what a user could do.
4) Changed to "Integer"
5.2
1) What is the use-case for this? As the parameter always describes the
policies returned in pape_auth_policies, the Provider should always know
how l
1) I imagine the URLs will become live at some point. :)
2) I wouldn't mind renaming it to "no-shared-secrets" which can also
have a corresponding less secure policy of "shared-secret-second" or
something like that which means the user provided a shared secret only
after first providing something
Thanks, definitely am! Just catching up on a lot of email now.
--David
-Original Message-
From: Johnny Bufu [mailto:[EMAIL PROTECTED]
Sent: Friday, July 13, 2007 11:05 AM
To: Recordon, David
Cc: specs@openid.net
Subject: Re: OpenID Provider Authentication Policy Extension
David,
On 22
