>I'd like to transmit sensitive data over the Attribute Exchange >Extension and was wondering about the best way for encryption. Could you use the nonce for encryption? I assume here, of course, that the nonce has already been encrypted during the OpenID exchange (I'm not strong on the technical aspects of this). -Shade