RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
Thanks, definitely am! Just catching up on a lot of email now. --David -Original Message- From: Johnny Bufu [mailto:[EMAIL PROTECTED] Sent: Friday, July 13, 2007 11:05 AM To: Recordon, David Cc: specs@openid.net Subject: Re: OpenID Provider Authentication Policy Extension David, On

RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
1) I imagine the URLs will become live at some point. :) 2) I wouldn't mind renaming it to no-shared-secrets which can also have a corresponding less secure policy of shared-secret-second or something like that which means the user provided a shared secret only after first providing something

RE: OpenID Provider Authentication Policy Extension

2007-07-21 Thread Recordon, David
5.1 1) Clarified. 2 3) Changed the MUST to a SHOULD, since the intent was never to restrict what a user could do. 4) Changed to Integer 5.2 1) What is the use-case for this? As the parameter always describes the policies returned in pape_auth_policies, the Provider should always know how