[PROPOSAL] request nonce and name

Granqvist, Hans hgranqvist at verisign.com
Mon Oct 2 22:09:23 UTC 2006


+1. 
 
A nonce may make a good ID, but all IDs do not make good nonces. 
 
Clarity is good so naming ideas that extend clarity are good. 


________________________________

	From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf Of Recordon, David
	Sent: Sunday, October 01, 2006 12:28 AM
	To: Dick Hardt; specs at openid.net
	Subject: RE: [PROPOSAL] request nonce and name
	
	

	I don't inherently see a problem with this, though it can't be required since relying parties may not be able to keep state.
	
	I'd vote for openid.request_nonce and openid.response_nonce just in making it clear what they actually are.  I'm fine linking people off to WikiPedia (http://en.wikipedia.org/wiki/Cryptographic_nonce), but that's just me.
	
	In any case, even if a request nonce isn't added, I'd like to see openid.nonce renamed to openid.response_nonce.
	
	--David
	
	
	-----Original Message-----
	From: specs-bounces at openid.net on behalf of Dick Hardt
	Sent: Sat 9/30/2006 4:57 PM
	To: specs at openid.net
	Subject: [PROPOSAL] request nonce and name
	
	Motivating Use Case
	----------------------------
	It is useful for an RP to know that a response to a request has already been processed and is not stale.
	A standard way to do this that can be incorporated into the libraries would simplify things for the RP implementor.
	
	
	Proposed Implementation
	-----------------------------------
	1) Allow the RP to OPTIONALLY include a nonce in the request. The nonce would be of the same format as the nonce in the response from the IdP. The IdP will include the nonce from the RP in its response.
	
	2) Rename openid.nonce to openid.response_id and name the request nonce openid.request_id
	
	Alternate: call them openid.response_stamp and openid.request_stamp
	
	Naming comments:
	+ openid.nonce is not in use at this time, so easy to rename
	+ id or stamp may make more sense to the average developer (mainly crypto and security people know what a nonce is, I have to explain to most developers)
	
	
	
	
	



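
The RP-side bookkeeping that the proposal in this thread implies, as an added example that is not part of the original messages or of any OpenID library. It assumes the proposed (not ratified) parameter name openid.request_nonce, a timestamp-plus-random nonce format, and a 300-second freshness window; it keeps state on the RP, which is the reason given in the thread for making the request nonce optional.

```python
import secrets
from datetime import datetime, timezone

# Parameter name is the one proposed in the thread; it is not a ratified field.
REQUEST_NONCE_FIELD = "openid.request_nonce"


class RequestNonceStore:
    """RP-side record of request nonces that are issued but not yet consumed."""

    def __init__(self, max_age_seconds=300):  # freshness window: assumed value
        self.max_age_seconds = max_age_seconds
        self._pending = {}  # nonce -> issue time (epoch seconds)

    def issue(self, now):
        """Create a nonce for an outgoing request and remember it."""
        # Assumed format: UTC timestamp followed by random characters.
        stamp = datetime.fromtimestamp(now, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        nonce = stamp + secrets.token_urlsafe(12)
        self._pending[nonce] = now
        return nonce

    def check_response(self, params, now):
        """Classify a response by the request nonce the IdP echoed back."""
        nonce = params.get(REQUEST_NONCE_FIELD)
        if nonce is None:
            return "missing"
        issued = self._pending.pop(nonce, None)  # pop makes the nonce single-use
        if issued is None:
            return "unknown-or-already-processed"
        if now - issued > self.max_age_seconds:
            return "stale"
        return "ok"


def demo():
    """Constructed exchange: one fresh response, one replay, one stale response."""
    store = RequestNonceStore()
    first = store.issue(now=1000)
    late = store.issue(now=1000)
    response = {REQUEST_NONCE_FIELD: first}  # constructed IdP response parameters
    return [
        store.check_response(response, now=1010),
        store.check_response(response, now=1011),
        store.check_response({REQUEST_NONCE_FIELD: late}, now=2000),
        store.check_response({}, now=1010),
    ]
```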