Questions about IIW Identifier Recycling Table
Recordon, David
drecordon at verisign.com
Fri Jun 8 17:32:09 UTC 2007
The difference I see is that the current secrets can be renegotiated.
If we're working with non-public fragments then they cannot be. If
we're working with public fragments, then I'm less concerned.
--David
-----Original Message-----
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
Behalf Of Josh Hoyt
Sent: Friday, June 08, 2007 10:29 AM
To: sappenin at gmail.com
Cc: specs at openid.net
Subject: Re: Questions about IIW Identifier Recycling Table
On 6/7/07, David Fuelling <sappenin at gmail.com> wrote:
If the token is publically viewable, then losing it is not an issue. I
do not share David's concern about depending on a secret, since both
the relying party and the provider already need to store secrets.
Josh
_______________________________________________
specs mailing list
specs at openid.net
http://openid.net/mailman/listinfo/specs
More information about the specs
mailing list