[OpenID] Secure attribute transmission
Andrew Arnott
andrewarnott at gmail.com
Sun Aug 3 21:45:53 UTC 2008
The openid.response_nonce won't be helpful here. If your RP can work only
with HTTPS OP endpoints, and if your RP has an https:// return_to address,
then you're already golden. The authenticating user will have the
opportunity to see the information flash by in transit, but no one else
will, and presumably this information isn't to be held private against the
user himself! :)
On Sun, Aug 3, 2008 at 11:51 AM, SitG Admin <sysadmin at shadowsinthegarden.com
> wrote:
> >I'd like to transmit sensitive data over the Attribute Exchange
> >Extension and was wondering about the best way for encryption.
>
> Could you use the nonce for encryption? I assume here, of course,
> that the nonce has already been encrypted during the OpenID exchange
> (I'm not strong on the technical aspects of this).
>
> -Shade
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080803/2618a64b/attachment-0002.htm>
More information about the general
mailing list