Request Nonce
Dick Hardt
dick at sxip.com
Wed Oct 4 02:30:54 UTC 2006
On 2-Oct-06, at 6:44 PM, Josh Hoyt wrote:
> P.P.S Brad also proposed at around the same time[2] adding a (request)
> nonce, which was rejected because you could just add it to the
> return_to URL
>
> 1. http://lists.danga.com/pipermail/yadis/2005-June/000676.html
> 2. http://lists.danga.com/pipermail/yadis/2005-May/000180.html
Agreed you can put it in the return_to URL
I think this functionality should be contained within the libraries
and does not need to be exposed to the application, and hence should
be in the protocol message so that it can be dealt with consistently
and be transparent to the application developer.
More information about the specs
mailing list