On 02/02/2008, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote:
> Yes, I also wonder why the IDP can't just return the ID. As of now I think
> it's
> two steps for this, with the RP explicit requesting it? Or am I wrong with
> that?
When used in directed identity mode, the OP can pick the id
Jonathan and Martin, thanks a lot for clearing this. I wasn't aware that
there is already a second draft (should look more carefully next time
;-) ).
Now, since there isn't a way to differentiate between drafts (i.e. the
policy URL is http://specs.openid.net/extensions/pape/1.0 until the
fi
> Can somebody confirm that sending pape.max_auth_age is wrong and it should
> be pape.auth_time instead?
Hi Eddy,
The PHP library implements Draft 1 of PAPE, not Draft 2. The same is
true of the other openidenabled.com implementations.
--
Jonathan Daugherty
The PHP library (and examples) from openidenabled.com currently return
in the Auth_OpenID_PAPE_Response function pape.max_auth_age. Reading the
specs from
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-02.html#anchor10
this should be however pape.auth_time. The samp
I apologise that this message doesn't directly address any of the points
you've made, but others have been doing that.
I just want to make a general point:
In my opinion, we should resist the urge to start specing "OpenID 3.0"
(aka OpenID vNext) and try to do everything else that needs to be do