[PROPOSAL] authentication age
Recordon, David
drecordon at verisign.com
Mon Oct 2 18:52:30 UTC 2006
Also means from a Yadis file is easy for an IdP to advertise the
extension or not.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Kevin Turner
Sent: Monday, October 02, 2006 11:52 AM
To: specs at openid.net
Subject: Re: [PROPOSAL] authentication age
On Sun, 2006-10-01 at 20:07 +0100, Martin Atkins wrote:
[...]
> then some/most IdPs just won't bother. [...] a completely uncheckable
> assumption and is therefore broken by design.
>
> The best we can do is make it a MAY (that is, max_age is a
> *suggestion* from the RP) and hope that most IdPs do the right thing;
> we shouldn't write the spec in a way that misleads RP implementers
> into thinking they've actually got any real control here.
What he said.
I'd suggest drafting this feature as an extension. I know that weakens
it, but as Martin says, you can't count on it being there in any case,
so I think an optional extension is a much more straightforward way of
representing when this functionality is actually available.
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list