[OpenID] Xrd signing with username token
Hans Granqvist
hans at granqvist.com
Fri Jul 24 08:28:35 UTC 2009
Isn't the handle unique per association, which means no one outside
the association could verify the signature?
On Thu, Jul 23, 2009 at 12:01 PM, Peter Williams<pwilliams at rapattoni.com> wrote:
>
> Rather than sign the xrd wit rsa and public cert, can we also imagine
> signing with a username token, where the digested password is the
> existing openid association handle for that rp?
>
> (username token would have STD timestamp and nonce, to address replay)
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
More information about the general
mailing list