"Hans Granqvist" <[EMAIL PROTECTED]> writes:
> 'expires_in' relates to the length of the RP->OP assoc, not the
> length of the EU->RP session.
Good point. I couldn't see the forest for the trees.
> I don't think that param is usable for you, unless I completely
> misunderstand what you're tryin
On Jul 2, 2008, at 6:29 PM, Simon Josefsson wrote:
> Martin Paljak <[EMAIL PROTECTED]> writes:
>
>> Hi Simon,
>>
>>
>> I believe expires_in from
>> http://openid.net/specs/openid-authentication-2_0.html#anchor20
>> is the thing you're interested in?
> Possibly the 'expires_in' is what I am looking
'expires_in' relates to the length of the RP->OP assoc, not the
length of the EU->RP session.
I don't think that param is usable for you, unless I completely
misunderstand what you're trying to achieve, which I think
is that the end-user has to occasionally re-authenticate?
Hans
On Wed, Jul 2, 2
Martin Paljak <[EMAIL PROTECTED]> writes:
> Hi Simon,
>
>
> I believe expires_in from
> http://openid.net/specs/openid-authentication-2_0.html#anchor20
> is the thing you're interested in?
Hi Martin. Ah, thanks for the pointer, I wasn't aware of that
parameter.
It isn't _exactly_ what I'm look
Hi Simon,
I believe expires_in from
http://openid.net/specs/openid-authentication-2_0.html#anchor20
is the thing you're interested in?
On Jul 2, 2008, at 5:40 PM, Simon Josefsson wrote:
> Dick Hardt <[EMAIL PROTECTED]> writes:
>
>> One parameter of PAPE was allowing the RP to specify how l
Dick Hardt <[EMAIL PROTECTED]> writes:
> One parameter of PAPE was allowing the RP to specify how long it had
> been since the OP had authenticated the user.
I looked at the max_auth_age property, but it seems somewhat reverse to
what I am looking for: the max_auth_age property allows the RP to
r
One parameter of PAPE was allowing the RP to specify how long it had
been since the OP had authenticated the user.
There is a PAPE working group right now, if you were interested in
looking at how your suggestions would be incorporated, I am sure they
would welcome you to the group.
I've cc
Hi.
Is there a best practice on how Openid consumers can find out whether
re-authenticating the user, via the OpenID server, once in a while can
lead to improved security?
The security of normal one-time password systems (SecurID, SMS codes,
Yubikeys, ..) can be improved if you ask for a new one-