Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-08 Thread Daniel E. Renfer
This information is usually listed on the registration page anyway. 8-16 characters. Letters and numbers only. No spaces. Case sensitive. - password change screen from Comcast.net Must be at least 6 characters long. - registration page from digg.com Choose a secure password, which: is at least

RE: Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-03 Thread Recordon, David
Daniel, It's not a bad idea, but it doesn't actually drive any more knowledge about the security of the authentication. There are so many factors when calculating the entropy and overall security of a password that I don't think it should be included

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-02 Thread Daniel E. Renfer
It might be useful to some RPs to know of any complexity schemes put on users' passwords. How about: password.min_length=8 password.max_length=16 the number of characters that the password is between. password.max_length would probably be more useful as I don't see many RPs complaining if the

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-01 Thread Paul Madsen
Hi Avery, some minor tweaks/comments 1) the line 'the first method that the RP would like the OP to perform' could be interpreted as constraining the O/IDP to performing whatever authentication mechanism is listed as the first in a temporal sequence, i.e. must do X then Y This could be

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-12-01 Thread Paul Madsen
Avery, below Avery Glasser wrote: Paul, My feedback to your feedback... Hi Avery, some minor tweaks/comments 1) the line 'the first method that the RP would like the OP to perform' could be interpreted as constraining the O/IDP to performing whatever authentication mechanism is

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread Paul Madsen
Hi George, for your use case below, why would not the RP just ask for the user to be up-authenticated at the desired higher level when necessary? Are you asking whether the RP should be allowed to ask the user to re-present their URI in order for this to happen? And thereby effectively

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread George Fletcher
Paul Madsen wrote: Hi George, for your use case below, why would not the RP just ask for the user to be up-authenticated at the desired higher level when necessary? So in the draft... how does the RP ask for the user to be "up-authenticated"? The authentication request parameters do not

RE: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread Drummond Reed
, November 30, 2006 2:22 PM To: George Fletcher Cc: specs@openid.net; [EMAIL PROTECTED] Subject: Re: [OpenID] OpenID Assertion Quality Extension - Draft Just to weigh in here... Paul Madsen wrote: Hi George, for your use case below, why would not the RP just ask for the user to be up

Re: [OpenID] OpenID Assertion Quality Extension - Draft

2006-11-30 Thread George Fletcher
+1 Avery Glasser wrote: Actually, this could be pretty simple to implement: Replace openid.aqe.preferred_auth_mode with the following: openid.aqe.auth_factor1 Optional: The method of authentication the RP would like the OP to perform, or in the case of a multi-factor