Re: Requiring Pseudonymous Identifier

2009-05-14 Thread Paul Madsen
I dont think this fits either PAPE or AX. I cant see how the privacy characteristics of an identifier are part of 'authentication policy'. How the user authenticates to the OP is (mostly) orthogonal to the nature of the identifier the OP asserts. Nor does it fit the AX description of

Re: Requiring Pseudonymous Identifier

2009-05-12 Thread Paul Madsen
there are telco use cases where a family member, by dint only of 'subscriber authentication' to the IDP/OP, is able to access shared resources (e.g. family calendar) at an SP/RP. Unlike in Chris's academia case the OP/IDP is itself unable to distinguish a particular user from amongst other

Re: Request for consideration of AX 2.0 Working Group Charter Proposal

2009-01-26 Thread Paul Madsen
et/mailman/listinfo/specs -- Paul Madsen e:paulmadsen @ ntt-at.com p:613-482-0432 m:613-282-8647 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs

Re: New OP-MultiAuth Draft Published

2009-01-18 Thread Paul Madsen
09 5:50 PM -- Paul Madsen e:paulmadsen @ ntt-at.com p:613-482-0432 m:613-282-8647 web:connectid.blogspot.com ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs

Re: Use of Qworum for indirect communication

2008-12-17 Thread Paul Madsen
fo/specs No virus found in this incoming message. Checked by AVG. Version: 7.5.552 / Virus Database: 270.9.19/1853 - Release Date: 17/12/2008 8:31 AM -- Paul Madsen e:paulmadsen @ ntt-at.com p:613-482-0432 m:613-282-8647 web:connectid.blogspot.com

Re: Completing the SREG 1.1 specification

2008-12-04 Thread Paul Madsen
there would appear to be an opportunity here for some drop-dead simple cross-protocol harmonization by the larger community agreeing on the definition of these sort of privacy policy identifiers by which a requestor indicates its privacy commitments and the authority any obligations. Define

Re: OpenID/Oauth hybrid [was Re: specs Digest, Vol 27, Issue 3]

2008-11-20 Thread Paul Madsen
Dirk, typo in Sec 6 The Combined Provider SHOULD in addition obtain, from the Combined Provider, a list . paul Dirk Balfanz wrote: Ok, new spec is up: http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html Dirk. On Mon, Nov 17, 2008 at

Re: PAPE Specification Review Period Commencing

2008-10-23 Thread Paul Madsen
Hi Mike, if there were an official line numbered version, it would enable people providing comments against specific lines Or is there another preferred mechanism for feedback? Thanks Paul Mike Jones wrote: The OpenID Provider Authentication Policy Extension (PAPE) Working

Re: This is user's URI for Assertion Quality Extension

2008-09-05 Thread Paul Madsen
No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 270.6.16/1651 - Release Date: 04/09/2008 6:57 AM -- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613

Re: Google OpenID is now live

2008-04-09 Thread Paul Madsen
-- Paul Madsene:paulmadsen @ ntt-at.com NTTp:613-482-0432 m:613-282-8647 aim:PaulMdsn5 web:connectid.blogspot.com ___ specs mailing list specs@openid.net

Re: Defining PAPE active authentication (WAS: Re: PAPE Extension Specification)

2007-10-22 Thread Paul Madsen
___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-282-8647 aim:PaulMdsn5

of relevance to AQE

2007-02-13 Thread Paul Madsen
): http://www.enisa.europa.eu/pages/authentication/auth_ws.htm Action Plan: http://www.enisa.europa.eu/doc/pdf/other/authentication_action_plan.pdf paul -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-302-1428

Re: Proposal: An anti-phishing compromise

2007-02-01 Thread Paul Madsen
@openid.net http://openid.net/mailman/listinfo/specs -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-302-1428 aim:PaulMdsn5 web:connectid.blogspot.com

Re: Proposal: An anti-phishing compromise

2007-02-01 Thread Paul Madsen
sorry, trying to straddle worlds/terminology OpenID SAML RP == SP (Service Provider) OP == IDP (Identity Provider) Josh Hoyt wrote: On 2/1/07, Paul Madsen [EMAIL PROTECTED] wrote: Hi Josh, do I understand correctly that the motivation

Re: [OpenID] Assertion Quality Extension = openid.importance

2006-12-12 Thread Paul Madsen
in this incoming message. Checked by AVG Free Edition. Version: 7.1.409 / Virus Database: 268.15.15/581 - Release Date: 12/9/2006 -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-302-1428 aim:PaulMdsn5

Re: OpenID Signed Assertions 1.0 - Draft 1

2006-12-04 Thread Paul Madsen
Free Edition. Version: 7.1.409 / Virus Database: 268.15.6/566 - Release Date: 12/3/2006 -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432 m:613-302-1428 aim:PaulMdsn5

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-01 Thread Paul Madsen
, it is assumed that the RP is requesting only a single factor for authentication (if openid.aqe.auth_factor2 is specified ) or not requesting a particular authentication method paul Avery Glasser wrote: Just to weigh in here... Paul Madsen wrote: Hi George, for your use case below, why

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-01 Thread Paul Madsen
? - Avery Avery Glasser wrote: Just to weigh in here... Paul Madsen wrote: Hi George, for your use case below, why would not the RP just ask for the user to be up-authenticated at the desired higher level when necessary? So in the draft... how does the RP ask for the user to be up

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread Paul Madsen
. Everyone else just needs password. Thanks, George ___ general mailing list [EMAIL PROTECTED] http://openid.net/mailman/listinfo/general -- Paul Madsen e:paulmadsen @ ntt-at.com NTT p:613-482-0432