<div dir="ltr">Agree! Offline, I have suggested to Justin that he fill in the figures for AATs and PATs with the same recommendations as for ordinary OAuth access tokens (as that is what they are), and the figures for RPTs with recommendations inspired by his analysis of different "client types" that appears in the OAuth profile, since the ability of a client to keep a secret should determine what it does with an overall RPT. (The "guts" of an RPT can have individual expiration times commensurate with the policy set by a resource owner.)</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr">
<p><b>Eve Maler<br></b>ForgeRock Office of the CTO | VP Innovation & Emerging Technology<br>Cell +1 425.345.6756 | Skype: xmlgrrl | Twitter: @xmlgrrl<br>Join our <a href="http://forgerock.org/openuma/" target="_blank">ForgeRock.org OpenUMA</a> community!</p></div></div></div></div></div>
<br><div class="gmail_quote">On Sat, Nov 28, 2015 at 12:35 AM, Danny van Leeuwen <span dir="ltr"><<a href="mailto:danny@health-hats.com" target="_blank">danny@health-hats.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><p style="margin:0in;line-height:21pt"><a href="http://openid.bitbucket.org/HEART/openid-heart-uma.html#rfc.section.2.4" target="_blank"><span style="font-weight:bold;font-family:verdana;font-size:14pt">2.4.</span></a><span style="font-weight:bold;font-family:verdana;font-size:14pt;color:black"> Token
Lifetimes</span></p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">It is
RECOMMENDED that AATs have a lifetime of no greater than [XX] hours.</p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">It is
RECOMMENDED that PATs have a lifetime of no greater than [XX] hours.</p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">It is
RECOMMENDED that RPTs have a lifetime of no greater than [XX] hours.</p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black"> </p>
<p style="margin:0in;font-family:verdana;font-size:10pt;color:black">[<span style="font-weight:bold">shouldn't xx be defined?]</span></p>
<p style="margin:0in;font-family:Calibri;font-size:11pt"> </p>
<p style="margin:0in;font-family:Calibri;font-size:9pt;color:rgb(89,89,89)">From
<<a href="http://openid.bitbucket.org/HEART/openid-heart-uma.html" target="_blank">http://openid.bitbucket.org/HEART/openid-heart-uma.html</a>> </p><span class="HOEnZb"><font color="#888888"><div><br></div>-- <br><div><font color="#330099">Danny van Leeuwen<br><a href="tel:617-304-4681" value="+16173044681" target="_blank">617-304-4681</a><br></font><div><b><font color="#330099"><br></font></b><div><b><font color="#330099">Blog <a href="http://www.health-hats.com/" target="_blank">www.health-hats.com</a> <i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">discovering the magic levers of best health</span></i></font></b></div></div><div><b><font color="#330099">Twitter </font></b><b><font color="#330099"><i><span style="font-size:8pt;font-family:'Arial Black',sans-serif">@healthhats</span></i></font></b></div></div>
</font></span></div>
<br>_______________________________________________<br>
Openid-specs-heart mailing list<br>
<a href="mailto:Openid-specs-heart@lists.openid.net">Openid-specs-heart@lists.openid.net</a><br>
<a href="http://lists.openid.net/mailman/listinfo/openid-specs-heart" rel="noreferrer" target="_blank">http://lists.openid.net/mailman/listinfo/openid-specs-heart</a><br>
<br></blockquote></div><br></div>