Graduated authentication in an identity management system
US-10567391-B2 · Feb 18, 2020 · US
US11824869B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11824869-B2 |
| Application number | US-202117395852-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 6, 2021 |
| Priority date | Jun 16, 2004 |
| Publication date | Nov 21, 2023 |
| Grant date | Nov 21, 2023 |
Official abstract text for this publication.
A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method, comprising: sending, from a homesite, a request for information held by a webservice provider, the homesite acting as an agent of a user, and the homesite permitted to directly interact with the webservice provider on behalf of the user; receiving, at the homesite, an authorization grant originating from the user in response to a request for user authorization for satisfying the request for the information held by the webservice provider; providing, by the homesite to the webservice provider, a first message comprising a response to the request for user authorization, wherein the response is configured in accordance with a pre-defined minimum security requirement; and in response to successful user authorization based on the first message, receiving, from the webservice provider, a second message in response to the requested information.

2. The method of claim 1 wherein the request for user authorization is configured to include an authentication security level that specifies the pre-defined minimum security requirement as a lowest authentication security level from a plurality of authentication security levels allowable for the requested information.

3. The method of claim 1 wherein the second message comprises the requested information.

4. The method of claim 1 wherein the first message comprises a token allowing the homesite to request the information without further user-authorization.

5. The method of claim 1 wherein the request is configured to include an explanation of the information requested by the homesite.

6. The method of claim 1 wherein the request is configured to include a security level, and wherein the security level is: an authentication security level, a channel security level, or a time sensitivity security level.

7. The method of claim 1 wherein the first message comprising the response to the request for user authorization is sent over a channel selected from a plurality of channels.

8. The method of claim 7 wherein the channel is selected in accordance with a determined response security level, wherein the response security level is more secure than the pre-determined minimum security requirement, and wherein the response security level is determined based on a security level associated with the request for user authorization.

9. The method of claim 1 wherein the homesite determines, in accordance with the security level associated with a request for user authorization, a response security level for transmitting the first message comprising the response to the request for user authorization, and wherein the response security level is more secure than the pre-determined minimum security requirement.

10. The method of claim 9 wherein the response security level is determined in accordance with: a response security level specified in the received request for user authorization, information specified in the received request for user authorization, user preference information, at least one homesite policy, or any combination thereof.

11. The method of claim 1 wherein the request for information held by the webservice provider comprises an identification of a device associated with the user to directly receive an authorization request.

12. The method of claim 1 wherein the request for information held by the webservice provider comprises the request for user authorization for satisfying the request for information held by the webservice provider.

13. The method of claim 1 wherein the request for information held by the webservice provider comprises an authorization request that is made indirectly via a membersite operating as an intermediary authorization server.

14. The method of claim 1 wherein the first message comprises a token allowing the homesite to request the information without further user-authorization and wherein the token is issued via an intermediary token generation system.

15. The method of claim 1 wherein the request for user authorization is configured to include a specified security level from a plurality of security levels and wherein the received authorization grant comprises a credential representing the user's authorization and complying with the specified security level.

16. At least one non-transitory, computer-readable medium carrying instructions, that when executed by at least one data processor, cause the at least one data processor to perform operations comprising: sending, from a homesite to a webservice provider distinct from the homesite, a request for information held by the webservice provider, the homesite acting as an agent of a user and permitted to directly interact with the webservice provider on behalf of the user; receiving, at the homesite, an authorization grant associated with the user in response to a request for user authorization for satisfying the request for information held by the webservice provider; providing, by the homesite to the webservice provider, a first message comprising a response to the request for user authorization, wherein the response is configured in accordance with a pre-defined minimum security requirement from a plurality of levels for the security requirement; and in response to successful user authorization based on the first message, receiving, from the webservice provider, a second message in response to the requested information.

17. The at least one non-transitory, computer-readable medium of claim 16 wherein the request for user authorization is configured to include an authentication security level that specifies the pre-defined minimum security requirement as a lowest authentication security level from a plurality of authentication security levels allowable for the requested information.

18. The at least one non-transitory, computer-readable medium of claim 16 wherein the first message comprises a token allowing the homesite to request the information held by the webservice provider without further user-authorization.

19. The at least one non-transitory, computer-readable medium of claim 16 wherein the request for information from the homesite is configured to include an explanation of the information requested by the homesite.

20. The at least one non-transitory, computer-readable medium of claim 16 wherein the request for user authorization is further configured to include at least one of: a channel security level, or a time sensitivity security level.

21. The at least one non-transitory, computer-readable medium of claim 16 wherein the homesite determines, in accordance with the security level associated with the request for user authorization, a response security level for transmitting the first message comprising the response to the request for user authorization, and wherein the response security level is more secure than the pre-determined minimum security requirement.

22. The at least one non-transitory, computer-readable medium of claim 16 wherein the response security level is determined in accordance with: a response security level specified in the received request for user authorization, information specified in the received request for user authorization, user preference information, at least one homesite policy, or any combination thereof.

23. The at least one non-transitory, computer-readable medium of claim 16 wherein the second message comprises the requested information.

24. A system comprising: at least one hardware processor;
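As an added illustration, not code from the patent or its assignee, the following Python model shows how a homesite could apply the graduated scheme the claims describe: derive a response security level across the three dimensions of claim 6 from the request's minimum, the user's preference and homesite policy (claims 8 to 10), pick a channel that meets it (claims 7 and 8), check that the user's authorization grant complies with the required level (claim 15), and assemble the first message of claim 1. The three-step level scale, the channel names, the validity windows and all sample values are constructed assumptions.

```python
"""Graduated security level selection for a homesite's response to a user-authorization
request. Added example modelled on the claims above; not code from the patent. The
three-step Level scale, the channel names and the validity windows are assumptions."""
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """Ordered security levels; one scale is shared by all three dimensions (assumption)."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3


DIMENSIONS = ("authentication", "channel", "time_sensitivity")

# Assumed mapping from time-sensitivity level to how long a response stays valid.
VALIDITY_SECONDS = {Level.LOW: 3600, Level.MEDIUM: 300, Level.HIGH: 60}


@dataclass(frozen=True)
class SecurityProfile:
    """One level per dimension (claim 6: authentication, channel, time sensitivity)."""
    authentication: Level = Level.LOW
    channel: Level = Level.LOW
    time_sensitivity: Level = Level.LOW

    def meets(self, minimum: "SecurityProfile") -> bool:
        """True when every dimension is at least as secure as the given minimum."""
        return all(getattr(self, d) >= getattr(minimum, d) for d in DIMENSIONS)


def strongest(*profiles: SecurityProfile) -> SecurityProfile:
    """Per-dimension maximum: the combined profile is never weaker than any input."""
    return SecurityProfile(**{d: max(getattr(p, d) for p in profiles) for d in DIMENSIONS})


@dataclass(frozen=True)
class Channel:
    name: str
    security: Level


@dataclass(frozen=True)
class AuthorizationRequest:
    """Request for user authorization as received by the homesite (claims 5, 6, 8, 10)."""
    requested_info: str
    explanation: str
    minimum: SecurityProfile
    requested_response: Optional[SecurityProfile] = None


@dataclass(frozen=True)
class AuthorizationGrant:
    """Credential representing the user's authorization at a given level (claim 15)."""
    user: str
    authentication: Level


def determine_response_profile(request: AuthorizationRequest, user_preference: SecurityProfile,
                               homesite_policy: SecurityProfile) -> SecurityProfile:
    """Claims 8-10: combine the request's minimum, any response level the request names,
    user preference and homesite policy; the result is never weaker than the minimum."""
    sources = [request.minimum, user_preference, homesite_policy]
    if request.requested_response is not None:
        sources.append(request.requested_response)
    return strongest(*sources)


def select_channel(channels, required: Level) -> Optional[Channel]:
    """Claims 7-8: choose a channel meeting the required channel level. The weakest eligible
    channel is sufficient; None means no available channel qualifies."""
    eligible = [c for c in channels if c.security >= required]
    return min(eligible, key=lambda c: c.security) if eligible else None


def grant_satisfies(grant: AuthorizationGrant, profile: SecurityProfile) -> bool:
    """Claim 15: the grant must comply with the authentication level actually required."""
    return grant.authentication >= profile.authentication


def build_first_message(request, grant, user_preference, homesite_policy, channels) -> dict:
    """Assemble the homesite's first message (claim 1), or raise when the grant is too weak
    for the determined level or no channel can carry the response."""
    profile = determine_response_profile(request, user_preference, homesite_policy)
    if not grant_satisfies(grant, profile):
        raise PermissionError("authorization grant below required authentication level")
    channel = select_channel(channels, profile.channel)
    if channel is None:
        raise LookupError("no channel meets the required channel security level")
    return {
        "channel": channel.name,
        "requested_info": request.requested_info,
        "grant_user": grant.user,
        "response_security": {d: getattr(profile, d).name for d in DIMENSIONS},
        "valid_for_seconds": VALIDITY_SECONDS[profile.time_sensitivity],
    }


# Constructed sample inputs: the request only demands a MEDIUM channel, the user wants
# HIGH authentication, and homesite policy tightens time sensitivity to MEDIUM.
SAMPLE_REQUEST = AuthorizationRequest(
    requested_info="shipping_address",
    explanation="needed to deliver the order",
    minimum=SecurityProfile(Level.LOW, Level.MEDIUM, Level.LOW),
)
SAMPLE_CHANNELS = (Channel("plain_http", Level.LOW), Channel("tls", Level.MEDIUM),
                   Channel("mutual_tls", Level.HIGH))
USER_PREFERENCE = SecurityProfile(authentication=Level.HIGH)
HOMESITE_POLICY = SecurityProfile(time_sensitivity=Level.MEDIUM)

if __name__ == "__main__":
    print(build_first_message(SAMPLE_REQUEST, AuthorizationGrant("alice", Level.HIGH),
                              USER_PREFERENCE, HOMESITE_POLICY, SAMPLE_CHANNELS))
```

With the sample inputs the determined profile is HIGH authentication, MEDIUM channel and MEDIUM time sensitivity, so the response goes over the `tls` channel with a 300 second validity window, and a grant made at only MEDIUM authentication is refused even though the request's own minimum would have accepted it; this is the point of letting user preference and homesite policy raise, but never lower, the level.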
CPC classification titles:

- Multiple levels of security
- by securing the transmission between two devices or processes
- for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32)
- Event detection, e.g. attack signature detection
- Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks