-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/24/2011 05:52 PM, Joni Brennan wrote:
The aim of the PLOA is transaction based assurance. I'm sure the editor would appreciate feedback. If people would like to connect with the editor let me know.
The PLOA paper can be found here: - http://www.idcommons.org/wp-content/uploads/2011/10/PLOA-White-Paper-v1.02.p...
Actually I think transaction-based assurance is already well provided for in the FICAM deployment profile and using LOA context classes (or iso29115level openid connect claim or whatever its called there). My understanding of PLOA is that its about attribute redress; if you don't get shoesize then send the user to a page asking for shoesize and then try again. I remarked in the PLOA session att IIW that this is a *huge* phishing problem if you get hit with some XSS - missing the shoesize attribute causes the redress endpoint to ask for social security number instead. Cheers Leif -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6ltJkACgkQ8Jx8FtbMZnfCaACfRrmYiFNRWBp1dvaisvzlo6C8 E4wAoIwmEz77Qqh4yZkHLOu62YqdhD4+ =Ccyp -----END PGP SIGNATURE-----