[OpenID] invalidate_handle question
Jorge Niedbalski R.
jorge at betazeta.com
Thu Sep 24 19:43:04 UTC 2009
Hi Allen,
Thank you for your response.
On Thu, 2009-09-24 at 10:13 -0700, Allen Tom wrote:
> Hi Jorge,
>
> Always great to hear from new OpenID implementors.
>
> There could be many reasons why an OP may invalidate an association
> handle, but the most common case is that the handle has expired. In
> order to practice good secret hygiene, it's a good idea to rotate the
> secrets periodically. I believe that most OPs invalidate their handles
> at a frequency of 1 hour to 14 days, with 8-24 hours being the most
> common. 24 hours seems to be a good value, and that's the maximum
> association handle lifetime specified by the US federal government's
> requirements for OPs participating in the Open Government initiative.
>
We resolved this issue, and it was in effect a time sync problem between
the two association entities.
> hope that helps,
Yes, it helps us. Maybe it is a good idea to expand that "whatever reason"
into more comprehensive information.
> Allen
>
> Jorge Niedbalski wrote:
> > Finally, our question is: what does "whatever reason" mean in the
> > server logic? When is openid.invalidate_handle set?
> >
> >
>
Greetings,
JNR.
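
The handle-expiry and time-sync points discussed in this thread, as an added example that is not part of the original messages and not taken from any OpenID library: a relying-party association store that tracks expiry on its own clock from the relative `expires_in` value, and drops a handle once the OP confirms `invalidate_handle` during direct verification. The class and function names, the 60-second skew margin, the HMAC-SHA256 association type and the `direct_verify` callback (standing in for the caller's `check_authentication` request) are assumptions, and the messages in `demo()` are constructed and simplified.

```python
import base64, hashlib, hmac, time

SKEW_MARGIN = 60  # assumed safety margin (seconds) for RP/OP clock drift

class AssociationStore:
    """RP-side store. Expiry is computed on the RP's own clock from expires_in."""
    def __init__(self, clock=time.time):
        self.clock, self.assocs = clock, {}

    def add(self, handle, mac_key, expires_in):
        self.assocs[handle] = (mac_key, self.clock() + int(expires_in))

    def usable_key(self, handle):
        mac_key, expiry = self.assocs.get(handle, (None, 0))
        if mac_key is not None and self.clock() >= expiry - SKEW_MARGIN:
            self.assocs.pop(handle)      # retire it before the OP has to reject it
            return None
        return mac_key

def signature(mac_key, msg):
    # HMAC-SHA256 over the Key-Value form of the fields listed in openid.signed
    kv = "".join(f"{f}:{msg['openid.' + f]}\n" for f in msg["openid.signed"].split(","))
    return base64.b64encode(hmac.new(mac_key, kv.encode(), hashlib.sha256).digest()).decode()

def verify_assertion(store, msg, direct_verify):
    """Return (accepted, path). Unknown or expired handles go to direct verification."""
    key = store.usable_key(msg["openid.assoc_handle"])
    if key is not None:
        return hmac.compare_digest(signature(key, msg), msg["openid.sig"]), "local"
    reply = direct_verify(msg)           # the OP checks its own signature
    if reply.get("is_valid") != "true":
        return False, "direct"
    stale = msg.get("openid.invalidate_handle")
    if stale and reply.get("invalidate_handle") == stale:
        store.assocs.pop(stale, None)    # OP confirmed: do not send this handle again
    return True, "direct"

def demo():
    # Constructed scenario: handle "h1" is valid at first, then the OP invalidates it
    store = AssociationStore(clock=lambda: 1000.0)
    store.add("h1", b"constructed-mac-key", 86400)
    msg = {"openid.assoc_handle": "h1", "openid.signed": "assoc_handle,identity",
           "openid.identity": "https://user.example/"}
    msg["openid.sig"] = signature(b"constructed-mac-key", msg)
    first = verify_assertion(store, msg, lambda m: {"is_valid": "false"})
    msg2 = dict(msg, **{"openid.assoc_handle": "priv1", "openid.invalidate_handle": "h1"})
    second = verify_assertion(store, msg2, lambda m: {"is_valid": "true", "invalidate_handle": "h1"})
    return first, second, "h1" in store.assocs
```
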