[OpenID] invalidate_handle question

Allen Tom atom at yahoo-inc.com
Thu Sep 24 17:13:22 UTC 2009


Hi Jorge,

Always great to hear from new OpenID implementors.

There could be many reasons why an OP may invalidate an association 
handle, but the most common case is that the handle has expired. In 
order to practice good secret hygiene, it's a good idea to rotate the 
secrets periodically. I believe that most OPs invalidate their handles 
at a frequency of 1 hour to 14 days, with 8-24 hours being the most 
common. 24 hours seems to be a good value, and that's the maximum 
association handle lifetime specified by the US federal government's 
requirements for OPs participating in the Open Government initiative.

Hope that helps,
Allen

Jorge Niedbalski wrote:
> Finally, our question is: what does "whatever reason" mean in the server
> logic? When is openid.invalidate_handle set?
>
>   
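
The expiry case described in the reply above, as an added example that is not part of the original message or any OP's code: an OP-side association store with a 24-hour lifetime, and a signer that returns `invalidate_handle` when the RP's handle has expired or is unknown and signs with a fresh OP-private association instead. The class and function names, the in-memory store, HMAC-SHA256 and signing every field are assumptions made for illustration.

```python
import base64, hashlib, hmac, secrets, time

ASSOC_LIFETIME = 24 * 3600  # seconds; the 24-hour value from the message above

class AssociationStore:
    """Hypothetical in-memory OP association store (all names are assumptions)."""

    def __init__(self, lifetime=ASSOC_LIFETIME, clock=time.time):
        self.lifetime, self.clock, self._assocs = lifetime, clock, {}

    def create(self, private=False):
        handle = secrets.token_urlsafe(16)
        expires = self.clock() + self.lifetime
        self._assocs[handle] = (secrets.token_bytes(32), expires, private)
        return handle

    def _live(self, handle):
        entry = self._assocs.get(handle)
        if entry and self.clock() >= entry[1]:
            del self._assocs[handle]  # expired: discard the secret
            return None
        return entry

    def shared_key(self, handle):
        """MAC key for a live association an RP established, else None."""
        entry = self._live(handle)
        return entry[0] if entry and not entry[2] else None

    def private_key(self, handle):
        """MAC key for a live OP-only association, else None."""
        entry = self._live(handle)
        return entry[0] if entry and entry[2] else None

def sign_assertion(store, fields, rp_handle=None):
    """Return fields plus assoc_handle, signed and sig; flag a dead RP handle."""
    out = dict(fields)
    key = store.shared_key(rp_handle) if rp_handle else None
    if key is None:
        if rp_handle:
            out["invalidate_handle"] = rp_handle  # tell the RP to drop it
        rp_handle = store.create(private=True)    # secret the RP never sees
        key = store.private_key(rp_handle)
    out["assoc_handle"] = rp_handle
    names = sorted(out)  # simplification: every field is signed
    out["signed"] = ",".join(names)
    token = "".join(f"{n}:{out[n]}\n" for n in names).encode()
    mac = hmac.new(key, token, hashlib.sha256).digest()
    out["sig"] = base64.b64encode(mac).decode()
    return out
```

An RP that receives `invalidate_handle` cannot check the signature itself, since it does not hold the private association's key; it verifies the response by asking the OP directly and discards the stored handle.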


