Protocol spec change proposal:

Add a recommendation that the return_to URL includes some hard-to-guess 
parameter which can be used to verify that it was generated sufficiently 
recently.  I'll have a go at providing wording for that in a bit.

In the response to an openid.mode="associate" request, delete the 
issued, replace_after and expiry headers.  Add this header:

replace_after_s: time after which it's recommended to get a new 
association handle to replace this one.

In a positive response to a checkid_immediate or checkid_setup request, 
delete these headers:


From the response to a check_authentication request, delete the 
"lifetime" key and add an "is_valid" key whose value is either "true" or 
"false".  (Brad, if you prefer "1" or "0" here I'm fine with that)

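An added example, not part of the original message or of the OpenID specification: one way a consumer could implement the return_to recommendation above, using an HMAC-signed timestamp as the hard-to-guess parameter. The parameter name `rt_token`, the 300-second window and the token layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Assumptions (not from the proposal): the parameter name "rt_token", the
# 300-second window, and the token layout "<unix time>.<random>.<hmac>".
PARAM = "rt_token"
MAX_AGE_S = 300
SECRET = secrets.token_bytes(32)  # consumer-side key, never sent to anyone


def _mac(base_url, issued, rand):
    # Bind the token to the return_to base so it cannot be moved to another URL.
    msg = "\n".join((base_url, issued, rand)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_return_to(base_url, now=None):
    """Append a signed, timestamped token to the consumer's return_to URL."""
    issued = str(int(time.time() if now is None else now))
    rand = secrets.token_hex(16)
    token = f"{issued}.{rand}.{_mac(base_url, issued, rand)}"
    parts = urlsplit(base_url)
    query = "&".join(q for q in (parts.query, urlencode({PARAM: token})) if q)
    return urlunsplit(parts._replace(query=query))


def check_return_to(url, base_url, now=None):
    """True only if the token is authentic and at most MAX_AGE_S seconds old."""
    now = time.time() if now is None else now
    values = parse_qs(urlsplit(url).query).get(PARAM, [])
    if len(values) != 1:
        return False  # missing or duplicated parameter
    fields = values[0].split(".")
    if len(fields) != 3:
        return False
    issued, rand, mac = fields
    expected = _mac(base_url, issued, rand)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False  # forged or altered token
    # "issued" is authenticated at this point, so it is our own integer string.
    age = now - int(issued)
    return 0 <= age <= MAX_AGE_S
```

This checks authenticity and freshness only; rejecting a second use of the same token inside the window would need the consumer to remember tokens it has already accepted.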