Killing time
Paul Crowley
paul at ciphergoth.org
Sun Jul 10 05:05:20 PDT 2005
Protocol spec change proposal:
Add a recommendation that the return_to URL includes some hard-to-guess
parameter which can be used to verify that it was generated sufficiently
recently. I'll have a go at providing wording for that in a bit.
In the response to an openid.mode="associate" request, delete the
issued, replace_after and expiry headers. Add this header:
replace_after_s: time after which it's recommended to get a new
association handle to replace this one.
In a positive response to a checkid_immediate or checkid_setup request,
delete these headers:
openid.valid_to
openid.issued
From the response to a check_authentication request, delete the
"lifetime" key and add an "is_valid" key whose value is either "true" or
"false". (Brad, if you prefer "1" or "0" here I'm fine with that)
--
__
\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/
More information about the yadis
mailing list