[OpenID] pape.auth_time versus pape.auth_age

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Sat Feb 2 18:45:43 UTC 2008


Jonathan and Martin, thanks a lot for clearing this. I wasn't aware that 
there is  already a second draft (should look more carefully next time 
;-) ).

Now, since there isn't a way to differentiate between drafts (i.e.  the 
policy URL is http://specs.openid.net/extensions/pape/1.0 until the 
final), what is the best suggestion for implementation? Going for draft 
1 or 2? Most likely RPs will not understand one or the other...

BTW, what's the time frame for the final version? Any estimates?

Martin Paljak wrote:
>
> On Feb 2, 2008, at 6:46 PM, Eddy Nigg (StartCom Ltd.) wrote:
>
>> Can somebody confirm that sending pape.max_auth_age is wrong and it 
>> should be pape.auth_time instead?
> max_auth_age should be the time in seconds from last authentication in 
> the PAPE *request*.
>
> AFAIK Draft 1 had auth_time as 'seconds passed from last 
> authentication', Draft 2 has auth_time as 'the timestamp of the last 
> authentication'
>
>
> m.

-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080202/8899b99d/attachment-0001.htm>


More information about the specs mailing list