Projects/Improve OTP deployability
The existing FAST-based OTP currently requires a KDC-authenticated FAST armor in order to use safely for a common OTP back end deployment scenario. (The OTP back end receives the cleartext OTP value from the KDC and verifies it.)
Some sites (including Stanford and MIT) have a need to transition users from normal a long-term password to an OTP two-factor authentication, while retaining the user's existing long-term password as one of the factors. Additionally, it is useful to transition a user from such an OTP two-factor status to remove the OTP requirement while retaining the same long-term password. (e.g., hardware OTP token is lost and user needs to get work done anyway).
Additionally, existing FAST armors suitable for use with FAST-OTP require deploying either a keytab or a KDC public key certificate (or trust anchor) on the client host. It would make OTP easier to deploy if some FAST armor suitable for FAST-OTP could be deployed with minimal configuration on the client. This probably means developing some kind of PAKE-based FAST armor.
PAKE armor means that an online attack could potentially discover the user's long-term password without also knowing the OTP values.
PAKE algorithms might have patent issues, particularly if elliptic curve crypto (useful for size and performance) is involved.