[PROPOSAL] request nonce and name
Dick Hardt
dick at sxip.com
Sun Oct 1 14:50:14 UTC 2006
I'm more concerned about the response nonce functionality than the
name. I was looking for a name that was more commonly used. SAML uses
ID as the name of the nonce.
-- Dick
On 1-Oct-06, at 3:27 AM, Recordon, David wrote:
> I don't inherently see a problem with this, though it can't be
> required since relying parties may not be able to keep state.
>
> I'd vote for openid.request_nonce and openid.response_nonce just in
> making it clear what they actually are. I'm fine linking people
> off to Wikipedia (http://en.wikipedia.org/wiki/Cryptographic_nonce),
> but that's just me.
>
> In any case, even if a request nonce isn't added, I’d like to see
> openid.nonce renamed to openid.response_nonce.
>
> --David
>
>
> -----Original Message-----
> From: specs-bounces at openid.net on behalf of Dick Hardt
> Sent: Sat 9/30/2006 4:57 PM
> To: specs at openid.net
> Subject: [PROPOSAL] request nonce and name
>
> Motivating Use Case
> ----------------------------
> It is useful for an RP to know that a response to a request has
> already been processed and is not stale.
> A standard way to do this that can be incorporated into the Libraries
> would simplify things for the RP implementor.
>
>
> Proposed Implementation
> -----------------------------------
> 1) Allow the RP to OPTIONALLY include a nonce in the request. The
> nonce would be of the same format as the nonce in the response from
> the IdP. The IdP will include the nonce from the RP in its response.
>
> 2) rename openid.nonce to openid.response_id and name the request
> nonce openid.request_id
>
> Alternate: call them openid.response_stamp and openid.request_stamp
>
> naming comments:
> + openid.nonce is not in use at this time, so easy to rename
> + id or stamp may make more sense to the average developer (mainly
> crypto and security people know what a nonce is, I have to explain to
> most developers)
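An RP-side sketch of the request-nonce check proposed in this thread, added here as an illustration and not code from the list or from any OpenID library. It uses the `openid.request_nonce` name suggested above and assumes a stateful RP, a timestamp-plus-random nonce format, and a 300-second lifetime; `RequestNonceStore` is a hypothetical helper.

```python
import secrets
import time


class RequestNonceStore:
    """RP-side record of outstanding request nonces (hypothetical helper)."""

    def __init__(self, max_age=300, clock=time.time):
        self.max_age = max_age   # assumed lifetime policy, in seconds
        self.clock = clock       # injectable so expiry can be tested
        self.pending = {}        # nonce -> issue time (epoch seconds)

    def issue(self):
        """Create the value the RP sends as openid.request_nonce."""
        now = int(self.clock())
        # Assumed format: UTC timestamp followed by random characters.
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
        nonce = stamp + secrets.token_urlsafe(12)
        self.pending[nonce] = now
        return nonce

    def check(self, response_params):
        """Validate the nonce echoed by the IdP; return (ok, reason).

        Call this only after the response signature has been verified,
        and only if the signature covers the nonce field (assumption).
        """
        echoed = response_params.get("openid.request_nonce")
        if echoed is None:
            return False, "missing"
        # pop() makes the nonce single-use: a second response that
        # carries the same value no longer matches anything.
        issued = self.pending.pop(echoed, None)
        if issued is None:
            return False, "unknown-or-replayed"
        if self.clock() - issued > self.max_age:
            return False, "stale"
        return True, "ok"

    def purge(self):
        """Drop expired nonces that never came back, bounding memory."""
        now = self.clock()
        self.pending = {n: t for n, t in self.pending.items()
                        if now - t <= self.max_age}
```

An RP that cannot keep state, the case raised in the reply above, cannot use this store as written.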