+1, simple and straightforward.

Just curious about use cases where the required authentication level changes over time. For instance, a use case where viewing my stock portfolio just requires "password", but doing a trade requires "voicebio". Is the expectation that authentication events can be treated as "standalone", or that it's the RP's responsibility to manage the combinations based on the identifier?

One final question... Is it valuable to provide a way to request two or more authentication methods be employed in the authentication event? For example, administrators of a site must use both "password" and "hardotp". Everyone else just needs "password".

Thanks,
George
