Just as was done for PAPE, we should have "acr" claim values be a list of the policies that the OP was able to satisfy/use and not assume that it's a singleton.
The PAPE language at http://openid.net/specs/openid-provider-authentication-policy-extension-1_0.html#anchor9 is:
openid.pape.auth_policies One or more authentication policy URIs representing policies that the OP satisfied when authenticating the End User. Value: Space separated list of authentication policy URIs.
I believe we'll regret it if we don't do this.