Hans Granqvist [EMAIL PROTECTED] writes:
'expires_in' relates to the length of the RP-OP assoc, not the
length of the EU-RP session.
Good point. I couldn't see the forest for the trees.
I don't think that param is usable for you, unless I completely
misunderstand what you're trying to
Hi.
Is there a best practice on how OpenID consumers can find out whether
re-authenticating the user, via the OpenID server, once in a while can
lead to improved security?
The security of normal one-time password systems (SecurID, SMS codes,
Yubikeys, ..) can be improved if you ask for a new
One parameter of PAPE was allowing the RP to specify how long it had
been since the OP had authenticated the user.
There is a PAPE working group right now, if you were interested in
looking at how your suggestions would be incorporated, I am sure they
would welcome you to the group.
I've
On Jul 2, 2008, at 6:29 PM, Simon Josefsson wrote:
Martin Paljak [EMAIL PROTECTED] writes:
Hi Simon,
I believe expires_in from
http://openid.net/specs/openid-authentication-2_0.html#anchor20
is the thing you're interested in?
Possibly the 'expires_in' is what I am looking for, if the
So far, neither OpenID nor CardSpace define the notion of a session,
so no common logout is possible within the standard protocols.
What we do in our code at NetMesh is to add a convention where
RP-URL?lid=OPENID
is the same thing as submitted OpenID URL in the first form, to
which
Message-
From: Johannes Ernst [mailto:[EMAIL PROTECTED]
Sent: Friday, April 06, 2007 12:29 PM
To: McGovern, James F (HTSC, IT)
Cc: specs@openid.net
Subject: Re: Logout
So far, neither OpenID nor CardSpace define the notion of a session, so no
common logout is possible within the standard
PROTECTED]
Sent: Friday, April 06, 2007 2:25 PM
To: McGovern, James F (HTSC, IT)
Cc: specs@openid.net
Subject: Re: Logout
That might be hard from a usability perspective, and in my experience, the
underlying user requirement tends to be a variation of I am about to go to
lunch with the guys
Well, with OpenID at least, I think we can easily design a logout
extension, where an RP can register its logout handler with OP during
login flow (checkid_immediate/checkid_setup) and the OP could call each
of the RP's logout handlers (in the browser) that are registered with
the current
On 4/6/07, Praveen Alavilli [EMAIL PROTECTED] wrote:
Well, with OpenID at least, I think we can easily design a logout
extension, [...]
Any reason why something like this was not incorporated into the specs yet?
There is not general agreement on how this feature should be
implemented, or even
On Apr 6, 2007, at 12:13, Praveen Alavilli wrote:
Any reason why something like this was not incorporated into the
specs yet?
We just needed a volunteer like you to take it on ;-) ;-)
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
In thinking about this, wouldn't it be interesting if the RP could return a URL
that the selector could callback on? Of course this would be optional.
On 4/6/07, Praveen Alavilli [EMAIL PROTECTED] wrote:
I could only go till Aug 2006 on the mail archives here:
http://openid.net/pipermail/specs/ and nothing found specifically on
'logout' (at least based on the thread subjects).
I'd also search the other mailing lists, because
On Apr 6, 2007, at 14:40, Johnny Bufu wrote:
Which makes me think that this could
actually work with what we have today, if we defined an
openid-logout-notification attribute, and the RPs registered for updates when its
value changes.
This sounds like you are conflating attributes