chowells at janrain.com
Mon Jun 27 16:48:24 PDT 2005
Brad Fitzpatrick wrote:
> I still don't see the problem with a 60 second valid_to -- the user-agent
> should have plenty of time to be redirected with that limit. But 15
> minutes is also fine by me.
I think we're interpreting the meaning of the valid_to field
differently. You seem to be interpreting it as the amount of time the
user has to finish logging in on the consumer site. With that
interpretation, one minute is probably fine.
I've been interpreting it as the maximum amount of time the server site
is allowing the user to stay logged in to the consumer's site. With
that interpretation, anything less than an hour seems ridiculous, and
anything under a day still seems very short-term.
Any thoughts? And whatever is decided, it's probably a good idea to
update the spec with clearer wording.
More information about the yadis