Wrapping Up Proposals
Josh Hoyt
josh at janrain.com
Wed Oct 4 06:48:37 UTC 2006
On 10/3/06, Dick Hardt <dick at sxip.com> wrote:
> > * Authentication age
> > (http://openid.net/pipermail/specs/2006-September/000141.html)
> > Still being discussed, varying opinions on if the spec mandates
> > this will IdPs cooperate. Proposal of having it as an extension.
>
> +1 - per other email, let's get the feature in there. The IdP is
> already managing session age. Having it as an extension is going to
> add complexity to RP code as they have to discover if they can have
> that as a parameter. This seems like huge overhead to determine a
> single parameter
There are other related session-management issues that need to be
addressed, so I think it's silly to say that it'd be an extension for
one parameter. I'd like it to be in a different spec so that those
issues can be hashed out without having to update the core
specification. Other things that might go in that spec include
single-sign-off and the IdP advising the RP that the assertion is only
good for a certain period of time.
Josh
More information about the specs
mailing list