[Openid-specs-heart] Health Relationship Trust Profile for User Managed Access 1.0
Moehrke, John (GE Healthcare)
John.Moehrke at med.ge.com
Sat Nov 28 16:56:10 UTC 2015
I would expect these to be policy driven. If we specify values we need to then describe our policy choice. Other use cases and threat environments may choose other values. Right?
John
Sent from my iPhone
On Nov 28, 2015, at 10:32 AM, Eve Maler <eve.maler at forgerock.com> wrote:
Agree! Offline, I have suggested to Justin that he fill in the figures for AATs and PATs with the same recommendations as for ordinary OAuth access tokens (as that is what they are), and the figures for RPTs with recommendations inspired by his analysis of different "client types" that appears in the OAuth profile, since the ability of a client to keep a secret should determine what it does with an overall RPT. (The "guts" of an RPT can have individual expiration times commensurate with the policy set by a resource owner.)
Eve Maler
ForgeRock Office of the CTO | VP Innovation & Emerging Technology
Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl
Join our ForgeRock.org OpenUMA <http://forgerock.org/openuma/> community!
On Sat, Nov 28, 2015 at 12:35 AM, Danny van Leeuwen <danny at health-hats.com> wrote:
2.4. Token Lifetimes
It is RECOMMENDED that AATs have a lifetime of no greater than [XX] hours.
It is RECOMMENDED that PATs have a lifetime of no greater than [XX] hours.
It is RECOMMENDED that RPTs have a lifetime of no greater than [XX] hours.
[shouldn't xx be defined?]
From <http://openid.bitbucket.org/HEART/openid-heart-uma.html>
--
Danny van Leeuwen
617-304-4681
Blog www.health-hats.com discovering the magic levers of best health
Twitter @healthhats
_______________________________________________
Openid-specs-heart mailing list
Openid-specs-heart at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs-heart