Timing of Realm/RP validation

Andrew Arnott andrewarnott at gmail.com
Sat Jan 16 01:33:34 UTC 2010


Ya, you're free to do RP verification before or after authentication.
In fact some major OPs like Yahoo cache the results for 1 hour and
thus don't actually perform RP verification most times at all (if it's
in their cache)

On Friday, January 15, 2010, Hubert Le Van Gong
<Hubert.Levangong at sun.com> wrote:
> Greetings,
> Is it correct to say the spec (2.0) does not mandate a specific momentin the protocol at which the RP/realm validation should occur?For instance, the OP could first authenticate the user and thenperform RP verification or it could do that validation before authenticatingthe user. Although the latter seems more intuitive (and efficient) would bothbe compliant?
> Cheers,Hubert
>
>
>  --Hubert A. Le Van GongIdentity ArchitectSun microsystems, Inc.
>
> 17 Rue DupreyGrenoble, 38000France
> --------------------------------------------------email: hubert.levangong at sun.COMtel:+33 4 7663 0935blog: http://blog.levangong.com/
> N 45  11.900'W 005  44.145'Elev. 736 ft.
>
>

-- 
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - S. G. Tallentyre


More information about the specs mailing list