Login Federation
Allen Tom
atom at yahoo-inc.com
Tue Feb 19 18:05:16 UTC 2008
expires_in only specifies the lifetime of an association handle. There's
no parameter that indicates the lifetime of an authentication response.
Allen
Martin Paljak wrote:
> On Feb 18, 2008, at 5:11 PM, McGovern, James F (HTSC, IT) wrote:
>
>> Likewise, I would think that for automatic signon, it would be a good
>> thing if the OpenID provider could tell the relying party how long to
>> leave an otherwise idle session open before timing it out. Not sure if
>> this would require an extension or not.
>>
>
> expires_in from http://openid.net/specs/openid-authentication-2_0.html#anchor20
> should do exactly this.
>
> m.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080219/67023f54/attachment-0001.htm>
More information about the specs
mailing list