On 9-Oct-06, at 1:12 AM, Josh Hoyt wrote:
> On 10/8/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
>> [...] I would want the site to prompt for a password if I was
>> doing something
>> important. The only way for the IdP to know that is for the RP to
>> tell it somehow -> auth_age request.
>
> This
On 10/8/06, Dick Hardt <[EMAIL PROTECTED]> wrote:
> [...] I would want the site to prompt for a password if I was doing something
> important. The only way for the IdP to know that is for the RP to
> tell it somehow -> auth_age request.
This is only useful in conjunction with signed requests. A ma
On 4-Oct-06, at 2:20 PM, Kevin Turner wrote:
> On Wed, 2006-10-04 at 19:40 +0100, Martin Atkins wrote:
>> it's been my experience that users are willing to trade an awful
>> lot of
>> security to avoid software nagging at them repeatedly.
>
> Which goes back to what Dick was saying about his my
On Wed, 2006-10-04 at 19:40 +0100, Martin Atkins wrote:
> it's been my experience that users are willing to trade an awful lot of
> security to avoid software nagging at them repeatedly.
Which goes back to what Dick was saying about his myopenid.com login
cookie not expiring. Users didn't like l