XPost: misc.phone.mobile.iphone   
   From: mariasophia@comprehension.com   
      
   Your Name wrote:   
   >> That has NEVER happened to me. Ever. On ANY of my many iOS devices. Over   
   MANY   
   >> years.  Do you understand that?   
   >>   
   >   
   > Yep, as awlays.   
   >   
   > The *only* times our iPad asks for any kind of password are when waking   
   > it from sleep / rebooting (asks for the PIN code), when using the App   
   > Store to install / update apps (asks for the user name and password),   
   > when using an app on another device that wants to connect to the iPad   
   > (e.g. iTunes on the Mac to do a manual backup, the iPad asks for the   
   > PIN code).   
      
   Hi Your Name,   
      
   Happy New Year!   
      
   I am not responding to personal remarks so I thank you for being polite in   
   your response kindly outlining your experiences.   
      
   Your Name's experience is fully consistent with Apple's token based   
   authentication model. It does not contradict anything described earlier.   
   It simply reflects a different set of enabled services and a different   
   pattern of token refresh behavior.   
      
   1. If a user enables only a few Apple services, then only a few tokens   
      exist on the device. Your Name mentions the App Store, the device PIN   
      and iTunes backup trust. He does not mention iCloud Drive, iCloud   
      Photos, iCloud Keychain, Messages in iCloud, FaceTime, Find My, Game   
      Center or other iCloud services. Each of those services issues its own   
      token. Fewer enabled services means fewer tokens that can expire.   
      
   2. Many Apple tokens can refresh silently. If the device is online and the   
      token supports silent refresh, iOS renews it without asking for the   
      Apple ID password. If a user's devices stay online often and have no   
      expired or revoked tokens, silent refresh succeeds and no prompt is   
      shown.   
      
   3. Some tokens only prompt during specific actions. The App Store token   
      prompts when installing or updating apps. The device trust system   
      prompts when connecting to iTunes for backup. The device PIN is needed   
      at unlock. These are action triggered events, not token expiration   
      events. If a user does not use services that require periodic   
      reauthentication, they will not see periodic prompts.   
      
   4. If a token never reaches a non silent expiration boundary, the user   
      never sees a password request. Some tokens refresh silently unless the   
      device is offline for long periods or unless Apple ID security changes.   
      If none of those conditions occur, the user will not be prompted.   
      
   5. Your Name's experience represents the minimal token, maximal silent   
      refresh case. Your experience represents the maximal token, occasional   
      silent refresh failure case. Both outcomes are normal results of the   
      same architecture.   
      
   In short, Your Name sees fewer prompts likely because he possibly uses   
   fewer Apple services and his tokens refresh silently. This is exactly what   
   Apple's well-documented iOS token-based design predicts.   
      
   Keep in mind that...   
   iOS does not use a single unified login session. Each Apple service issues   
   its own authentication token. Each token has its own expiration rules and   
   its own refresh behavior. Apple documents this across multiple developer   
   and support pages.   
      
   1. Apple Identity Services uses token based authentication.   
   2. iCloud services use separate tokens for Drive, Photos, Keychain and   
      background sync.   
   3. iMessage and FaceTime activation tokens expire and must be renewed.   
   4. The App Store requires periodic reauthentication.   
   5. Activation Lock and device activation use their own tokens.   
      
   These services do not share a single token. Some tokens can be refreshed   
   silently. Others cannot. When a token that cannot be silently refreshed   
   expires, iOS must request the Apple ID password even if the user never   
   logged out.   
      
   This explains why different users see different behavior.   
      
   A. Users with many Apple services enabled have more tokens, so there are   
      more chances for one to expire.   
   B. Users with fewer services enabled have fewer tokens, so prompts are   
      less frequent.   
   C. If silent refresh succeeds, the user sees nothing.   
   D. If silent refresh fails, iOS must prompt.   
      
   Apple also states that some services require periodic reauthentication.   
   This is normal behavior in Apple's token based architecture. It does not   
   depend on personal memory or personal habits. It depends on which services   
   are enabled and whether their tokens refresh successfully.   
      
   My point is not about anyone's honesty. It is about how Apple's   
   authentication system is designed and documented.   
   --   
   The purpose of this newsgroup is to better understand how iOS works.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)