[Openid-specs-fapi] Issue #79: Part 1: issues with x-fapi-customer-last-logged-time header (openid/fapi)
Joseph Heenan
issues-reply at bitbucket.org
Wed Mar 22 18:24:24 UTC 2017
New issue 79: Part 1: issues with x-fapi-customer-last-logged-time header
https://bitbucket.org/openid/fapi/issues/79/part-1-issues-with-x-fapi-customer-last
Joseph Heenan:
Reviewing Part 1, I found the following a little inconsistent in the description of the x-fapi-customer-last-logged-time header:
1) 'time' is used in the header to describe a time+date, whereas the HTTP/1.1 spec uses 'date' for the same purpose - I think we should be consistent with HTTP1/1.
2) I suggest changing 'logged' to 'login' to better reflect what I believe is the purpose of the header. ("logged" could also be interpreted as being related to system logging rather than user login.)
3) The reference to the date format was not clear; I am fairly certain the intent was to refer to the date format used in HTTP/1.1, and certainly it seems sensible to keep the same format as the HTTP Date: header.
4) The example is not a valid HTTP-Date due to the use of UTC timezone; HTTP/1.1 states the timezone MUST be GMT.
I will submit a pull request with suggested fixes for these shortly.
More information about the Openid-specs-fapi
mailing list