[OpenID] MyOpenID's PAPE implementation doesn't honour max_auth_age

Craig Forster cforster at au1.ibm.com
Mon Oct 26 03:20:09 UTC 2009


It appears that the MyOpenID OP's PAPE implementation doesn't honour the
max_auth_age parameter.  It correctly reports the authentication time of
the user back to the RP, but doesn't prompt for re-authentication if this
time is earlier than the RP requested.

Is there a reason for this behaviour?

---
craig forster | staff software engineer | ibm australia development labs
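
An RP-side check for the behaviour described in the message above, as an added example that is not part of the original post or of any OpenID library: it compares the `auth_time` in the PAPE response with the `max_auth_age` the RP requested, rather than relying on the OP to enforce it. The function names, the sample response and the policy of rejecting PAPE fields not listed in `openid.signed` are assumptions of this example, and the assertion's signature is assumed to have been verified already.

```python
from datetime import datetime, timezone

PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"

def pape_alias(params):
    """Return the alias the OP bound to the PAPE namespace, or None."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == PAPE_NS:
            return key[len("openid.ns."):]
    return None

def check_auth_age(params, max_auth_age, now=None):
    """Check a signature-verified positive assertion against the
    max_auth_age (seconds) this RP sent. Returns (ok, reason)."""
    now = now or datetime.now(timezone.utc)
    alias = pape_alias(params)
    if alias is None:
        return False, "no PAPE response"
    # Only fields listed in openid.signed are covered by the OP's signature.
    signed = params.get("openid.signed", "").split(",")
    if f"{alias}.auth_time" not in signed or f"ns.{alias}" not in signed:
        return False, "PAPE fields not signed"
    raw = params.get(f"openid.{alias}.auth_time")
    if raw is None:
        return False, "auth_time missing"
    try:
        auth_time = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return False, "auth_time malformed"
    age = (now - auth_time.replace(tzinfo=timezone.utc)).total_seconds()
    if age < 0:
        return False, "auth_time in the future"
    if age > max_auth_age:
        return False, "authentication too old"
    return True, "ok"

# Constructed sample response: the OP reports auth_time accurately but did
# not re-authenticate the user, as described in the message above.
SAMPLE = {
    "openid.ns.pape": PAPE_NS,
    "openid.pape.auth_time": "2009-10-25T22:00:00Z",
    "openid.signed": "op_endpoint,claimed_id,identity,return_to,"
                     "response_nonce,assoc_handle,ns.pape,pape.auth_time",
}
NOW = datetime(2009, 10, 26, 3, 20, 9, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_auth_age(SAMPLE, 3600, NOW))
    print(check_auth_age(SAMPLE, 86400, NOW))
```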


