Re: [OpenID] pape.auth_time versus pape.auth_age

2008-02-02 Thread Eddy Nigg (StartCom Ltd.) 
Jonathan and Martin, thanks a lot for clearing this. I wasn't aware that 
there is  already a second draft (should look more carefully next time 
;-) ).


Now, since there isn't a way to differentiate between drafts (i.e.  the 
policy URL is http://specs.openid.net/extensions/pape/1.0 until the 
final), what is the best suggestion for implementation? Going for draft 
1 or 2? Most likely RPs will not understand one or the other...


BTW, what's the time frame for the final version? Any estimates?

Martin Paljak wrote:


On Feb 2, 2008, at 6:46 PM, Eddy Nigg (StartCom Ltd.) wrote:

Can somebody confirm that sending pape.max_auth_age is wrong and it 
should be pape.auth_time instead?
max_auth_age should be the time in seconds from last authentication in 
the PAPE *request*.


AFAIK Draft 1 had auth_time as 'seconds passed from last 
authentication', Draft 2 has auth_time as 'the timestamp of the last 
authentication'



m.


--
Regards 


Signer: Eddy Nigg, StartCom Ltd. 
Jabber: [EMAIL PROTECTED] 
Blog:   Join the Revolution! 
Phone:  +1.213.341.0390


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Re: [OpenID] pape.auth_time versus pape.auth_age

2008-02-02 Thread Jonathan Daugherty 
>  Can somebody confirm that sending pape.max_auth_age is wrong and it should
> be pape.auth_time instead?

Hi Eddy,

The PHP library implements Draft 1 of PAPE, not Draft 2.  The same is
true of the other openidenabled.com implementations.

-- 
  Jonathan Daugherty
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

pape.auth_time versus pape.auth_age

2008-02-02 Thread Eddy Nigg (StartCom Ltd.) 
The PHP library (and examples) from openidenabled.com currently return 
in the Auth_OpenID_PAPE_Response function pape.max_auth_age. Reading the 
specs from 
http://openid.net/specs/openid-provider-authentication-policy-extension-1_0-02.html#anchor10 
this should be however pape.auth_time. The sample consumer seems to be 
happy with that, but I think this to be a mistake...


Can somebody confirm that sending pape.max_auth_age is wrong and it 
should be pape.auth_time instead?


--
Regards 


Signer: Eddy Nigg, StartCom Ltd. 
Jabber: [EMAIL PROTECTED] 
Blog:   Join the Revolution! 
Phone:  +1.213.341.0390


___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs