Killing time
Brad Fitzpatrick
brad at danga.com
Sat Jul 9 01:23:55 PDT 2005
On Sat, 9 Jul 2005, Paul Crowley wrote:
> Taral wrote:
> > Speaking of this, why do we use absolute time in the associate
> > response? Considering that any good consumer will just take
> > replace_after - issued and use that as an expiry time due to clock
> > deviations, why don't we just put in number of seconds?
>
> You are right. Actually I thought of this as I was going to bed last
> night but I didn't want to get up again to post it. The original reason
> we had absolute time in the associate response was so that we could use
> our information about clock deviation to interpret the token, but now
> that we're not doing that I don't see the need.
Paul,
Can you post a list of proposed changes from what's on the specs.bml page
now?
Then I'll add a "compat => 1" option to the Net::OpenID::Server module to
send both old/new keys, with warning texts. (for people doing wire-level
debugging.....)
- Brad
More information about the yadis
mailing list