Hey Siddharth,
Just to be clear, a OTP hardware token is considered a one-time
password device token not a Hard token given SP 800-63, section 6
on page 15. This means that a OTP device can satisfy up to level 3,
though a FIPS compliant Hard token would be needed for level 4.
Level 3 also
Hi David,
I have a quick question about the PAPE draft specification. In the
response parameters, you can set a parameter called
'openid.pape.nist_auth_level'
There is a section 7.1.2 that describes the paramter and in the last
table the spec maps some of the common authentication technologies