[PROPOSAL] request nonce and name
Granqvist, Hans
hgranqvist at verisign.com
Mon Oct 2 22:09:23 UTC 2006
+1.
A nonce may make a good ID, but all IDs do not make good nonces.
Clarity is good, so naming ideas that extend clarity are good.
________________________________
From: specs-bounces at openid.net [mailto:specs-bounces at openid.net]
On Behalf Of Recordon, David
Sent: Sunday, October 01, 2006 12:28 AM
To: Dick Hardt; specs at openid.net
Subject: RE: [PROPOSAL] request nonce and name
I don't inherently see a problem with this, though it can't be
required since relying parties may not be able to keep state.
I'd vote for openid.request_nonce and openid.response_nonce just
in making it clear what they actually are. I'm fine linking people off
to Wikipedia (http://en.wikipedia.org/wiki/Cryptographic_nonce), but
that's just me.
In any case, even if a request nonce isn't added, I'd like to
see openid.nonce renamed to openid.response_nonce.
--David
-----Original Message-----
From: specs-bounces at openid.net on behalf of Dick Hardt
Sent: Sat 9/30/2006 4:57 PM
To: specs at openid.net
Subject: [PROPOSAL] request nonce and name
Motivating Use Case
----------------------------
It is useful for an RP to know that a response to a request has
already been processed and is not stale.
A standard way to do this that can be incorporated into the
libraries would simplify things for the RP implementor.
Proposed Implementation
-----------------------------------
1) Allow the RP to OPTIONALLY include a nonce in the request. The nonce would be of the same format as the nonce in the response from the IdP. The IdP will include the nonce from the RP in its response.
2) rename openid.nonce to openid.response_id and name the request nonce openid.request_id
Alternate: call them openid.response_stamp and openid.request_stamp
naming comments:
+ openid.nonce is not in use at this time, so easy to rename
+ id or stamp may make more sense to the average developer (mainly crypto and security people know what a nonce is, I have to explain to most developers)
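The request-nonce check proposed in this thread, sketched from the RP's side as an added example (not code from the thread or from any OpenID library). The parameter name openid.request_nonce is the one suggested above; the nonce format, the 300-second window, the class and function names, and the idp_echo stand-in are all assumptions. It also shows why the RP has to keep state for this to work.

```python
import secrets
import time

# Name proposed in the thread; an assumption, not a finalized OpenID field.
REQUEST_NONCE = "openid.request_nonce"


class RequestNonceStore:
    """RP-side state: nonces sent in requests and not yet seen in a response."""

    def __init__(self, max_age=300, clock=time.time):  # 300 s window is assumed
        self._pending = {}  # nonce -> time issued
        self._max_age = max_age
        self._clock = clock

    def issue(self):
        """Create the nonce the RP attaches to its authentication request."""
        nonce = secrets.token_urlsafe(16)  # format assumed; the thread gives none
        self._pending[nonce] = self._clock()
        return nonce

    def check_response(self, params):
        """Classify an IdP response by the request nonce it echoes back."""
        nonce = params.get(REQUEST_NONCE)
        if nonce is None:
            return "missing"
        issued = self._pending.pop(nonce, None)  # single use: gone after first sight
        if issued is None:
            return "unknown_or_already_processed"
        if self._clock() - issued > self._max_age:
            return "stale"
        return "ok"

    def purge_expired(self):
        """Drop nonces whose response never arrived, so the store stays bounded."""
        cutoff = self._clock() - self._max_age
        expired = [n for n, t in self._pending.items() if t < cutoff]
        for n in expired:
            del self._pending[n]
        return len(expired)


def idp_echo(request_params):
    """Constructed stand-in for the IdP: copies the RP's nonce into its response."""
    return {"openid.mode": "id_res", REQUEST_NONCE: request_params[REQUEST_NONCE]}
```

A deployed RP would keep one such store per browser session, so that a nonce issued to one user cannot be redeemed by a response delivered to another.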