CIBA: limit lifetime of signed auth request
Joseph Heenan
Branch: josephheenan/fapi:ciba-req-obj
Branch: openid/fapi:master
Merged
Merged pull request
Merged in josephheenan/fapi/ciba-req-obj (pull request #112)
Merged in josephheenan/fapi/ciba-req-obj (pull request #112)
As is done in FAPI-RW for the request object, explicitly require that the
signed authentication request has a limited lifetime.
If a signed authentication request has a long lifetime, it does not
contain evidence of when it was used so it less useful for
non-repudiation.
Additionally limiting the lifetime of requests limits the window during
which they can be used in replay attacks if obtained by an attacker.
60 minutes is seen as a fairly arbitary upper limit; other than for
clock skew related reasons I cannot currently think of a reason why the
request would need to have a lifetime longer than a minute or two.