Re: [PROPOSAL] authentication age

2006-10-05 Thread Dick Hardt
Kevin, thanks for the well articulated argument. I do see this as something that is completely within the End Users control, and if the End User chose to ignore it, then that is their choice. The use case is that for convenience, a site wants to let the user do certain functions without

RE: [PROPOSAL] authentication age

2006-10-02 Thread Kevin Turner
On Sun, 2006-10-01 at 13:08 -0700, Recordon, David wrote: It could be augmented to also contain a response parameter telling the RP if the IdP acknowledged it, then the RP could make the decision if it wants to proceed. You will want that response parameter. Otherwise, couldn't I (as the