What is delegation for? (was Re: Wrapping Up Proposals)
Josh Hoyt
josh at janrain.com
Tue Oct 3 05:07:55 UTC 2006
On 10/2/06, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
> It appears to me that OpenID should be able to do the same thing that
> we've been doing in LID: "one-way" nonces.
This is the way that it's currently written up in the spec. When I
wrote it up I had LID nonces in mind.
The current proposal is to have *two* nonces - one for the request and
one for the response. I bet there are good arguments for being able to
identify both the request and the response individually, but I can't
come up with any. Why do we need a response nonce if there is a
request nonce?
Josh
More information about the specs
mailing list