Killing time

Brad Fitzpatrick brad at
Sat Jul 9 01:23:55 PDT 2005

On Sat, 9 Jul 2005, Paul Crowley wrote:

> Taral wrote:
> > Speaking of this, why do we use absolute time in the associate
> > response? Considering that any good consumer will just take
> > replace_after - issued and use that as an expiry time due to clock
> > deviations, why don't we just put in number of seconds?
> You are right.  Actually I thought of this as I was going to bed last
> night but I didn't want to get up again to post it.  The original reason
> we had absolute time in the associate response was so that we could use
> our information about clock deviation to interpret the token, but now
> that we're not doing that I don't see the need.


Can you post a list of proposed changes from what's on the specs.bml page

Then I'll add a "compat => 1" option to the Net::OpenID::Server module to
send both old/new keys, with warning texts.  (for people doing wire-level

- Brad

More information about the yadis mailing list