Hi,

Are we talking here about some mechanism for RPs to specify a time at which
the user's session with their OP should expire? If they could, then a RP
could potentially pick a short expiry time that negatively affects the
user's use of OpenID. The user is also unlikely to know the reason as to why
their sessions are timing out so fast, and would likely think it is a
problem with the provider. Or have I misunderstood the question?

- Jacob.
_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
