[PROPOSAL] request nonce and name
Marius Scurtescu
marius at sxip.com
Fri Oct 13 01:11:21 UTC 2006
On 12-Oct-06, at 5:07 PM, Josh Hoyt wrote:
> On 10/12/06, Marius Scurtescu <marius at sxip.com> wrote:
>> If passing through all unrecognized parameters can cause problems
>> then there could be a special namespace for this purpose. For
>> example, all parameters with names starting with openid.pass. should
>> be ignored by the IdP and passed back to the RP.
>
> Yahoo Browser-based authentication [1] has a single parameter called
> "appdata" (that you can find in [2]) that is used for this purpose.
> This seems general enough to me.
True, even one single pass through parameter should do.
More information about the specs
mailing list