Archive for October, 2007

Provider Assertion Policy Extension – Draft 2

Tuesday, October 23rd, 2007

We’ve just published Draft 2 of the OpenID Provider Assertion Policy Extension, which replaces Draft 1 from July of this year. This draft adds clarifications to the spec and builds on implementation experiences from JanRain, Sxip, and VeriSign. The main goal of PAPE is to give OpenID Relying Parties the ability to request and be informed of the use of stronger and phishing-resistant authentication mechanisms. If you’re working with authentication mechanisms beyond just username and password with OpenID, we definitely recommend you take a look at PAPE.

From the abstract:

This extension to the OpenID Authentication protocol provides a mechanism by which a Relying Party can request that particular authentication policies be applied by the OpenID Provider when authenticating an End User. This extension also provides a mechanism by which an OpenID Provider may inform a Relying Party which authentication policies were used. Thus a Relying Party can request that the End User authenticate, for example, using a phishing-resistant or multi-factor authentication method.

This extension is not intended to provide all information regarding the quality of an OpenID Authentication assertion. Rather, it is designed to be balanced with information the Relying Party already has with regard to the OpenID Provider and the level of trust it places in it. If additional information is needed about processes such as new End User enrollment on the OpenID Provider, such information should either be transmitted out-of-band or in other extensions such as OpenID Attribute Exchange. Other aspects (e.g. security characteristics, credential provisioning, etc.) could be dealt with in the future, though End User privacy concerns must be kept in mind especially when discussing enrollment procedures.
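The request/inform mechanism from the abstract, seen from the Relying Party side, as an added example that is not part of the original post or of any OpenID library. The parameter names, namespace URI and policy URIs are taken from the published PAPE specification rather than from this post; the function names and the sample response are constructed for illustration, and the assertion's signature is assumed to have been verified already.

```python
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
PHISHING_RESISTANT = "http://schemas.openid.net/pape/policies/2007/06/phishing-resistant"
MULTI_FACTOR = "http://schemas.openid.net/pape/policies/2007/06/multi-factor"


def pape_request_args(policies, alias="pape"):
    """Extension arguments the RP adds to its authentication request."""
    return {
        f"openid.ns.{alias}": PAPE_NS,
        f"openid.{alias}.preferred_auth_policies": " ".join(policies),
    }


def policies_applied(response, required):
    """Check a signature-verified positive assertion for the required policies.

    Returns (ok, reason). The request only expresses a preference, so the RP
    must read back what the OP says it actually did.
    """
    # The OP may bind the PAPE namespace to any alias, so look it up by URI.
    alias = next((k[len("openid.ns."):] for k, v in response.items()
                  if k.startswith("openid.ns.") and v == PAPE_NS), None)
    if alias is None:
        return False, "no PAPE response"
    # Fields not listed in openid.signed can be altered by the user agent.
    signed = set(response.get("openid.signed", "").split(","))
    field = f"{alias}.auth_policies"
    if not {f"ns.{alias}", field} <= signed:
        return False, "PAPE fields not covered by signature"
    applied = set(response.get(f"openid.{field}", "").split())
    missing = set(required) - applied
    if missing:
        return False, "policies not applied: " + " ".join(sorted(missing))
    return True, "ok"


# Constructed sample assertion (only the fields this check reads).
SAMPLE_RESPONSE = {
    "openid.mode": "id_res",
    "openid.ns.ext1": PAPE_NS,
    "openid.ext1.auth_policies": PHISHING_RESISTANT,
    "openid.signed": "op_endpoint,claimed_id,ns.ext1,ext1.auth_policies",
}

if __name__ == "__main__":
    print(pape_request_args([PHISHING_RESISTANT, MULTI_FACTOR]))
    print(policies_applied(SAMPLE_RESPONSE, [PHISHING_RESISTANT]))
    print(policies_applied(SAMPLE_RESPONSE, [PHISHING_RESISTANT, MULTI_FACTOR]))
```

As the abstract notes, a passing check still rests on how much the Relying Party trusts the Provider making the claim.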

Welcome to the new OpenID Site!

Monday, October 8th, 2007

Scott Kveton and I have spent today out in the sunny Tulsa, Oklahoma offices of Vidoop working with their team on a gigantic update to OpenID.net. As you can see, we’ve touched just about every part of the site. The theme is upgraded, the content is reorganized and rewritten, we’re no longer using a theme system from before the bubble, and there are a lot of other new tweaks.

As always, the website is an evolving work in progress maintained by the OpenID community. If you’re interested in contributing, or have feedback, join the marketing@openid.net mailing list, where the community discusses marketing and evangelism for OpenID. All in all, thanks to everyone who has worked on the new site; I know I’m really excited to see it one step closer to completion!