SitG Admin wrote:
http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html
http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html
I'd like to see the 4th draft of this include a URI level
authentication property.
I'd like to know whether the OP is asserting
What's the use-case?
If the RP doesn't care about distinguishing between users that have
accounts at a site but identify themselves as such anonymously, it
can reclassify them as users that have accounts at a site,
consolidating what could be a large number of identities into a
single
Hi Shade, AQE has long ago been deprecated in favour of PAPE
paul
SitG Admin wrote:
http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html
http://openid.net/specs/openid-assertion-quality-extension-1_0-03.html
I'd like to see the 4th draft of this include a URI level
Hi Shade, AQE has long ago been deprecated in favour of PAPE
Hmm . . . looks like PAPE is more of *how* the user was authenticated
than the *quality* of their authentication (the latter seemed
appropriate for what quality of identity the RP should take the OP as
asserting).
Looking at the
All of your use-cases here seem to be to do with the RP somehow
discriminating against users that have a flag set.
There's a new use-case type in my reply to Paul Madsen.
By the way, I'm concerned about your phrasing there. By saying that
the RP discriminates *against* such users, it implies
SitG Admin wrote:
I've quoted your entire message below my reply since you appear to
have sent your message to me directly and not to the list ;)
oops... sorry
How would the OP know if the user it's authenticating is a member at
the RP?
Not a member at the RP, a member at the OP (or any
None of them were assumed by me; I don't consider the use-case to
rely on any of them.
1) A directed identity URI creates a situation where the RP *doesn't
know* whether it is a real URI or not. (This assumption has been
hypothetically mitigated by an idea that occurred to me during this
: This is user's URI for Assertion Quality Extension
None of them were assumed by me; I don't consider the use-case to
rely on any of them.
1) A directed identity URI creates a situation where the RP *doesn't
know* whether it is a real URI or not. (This assumption has been
hypothetically mitigated