section 11. Verifying Assertions
Todd Kaplinger
todkap at us.ibm.com
Mon Jul 28 18:24:00 UTC 2008
The encoding of state in a signed cookie is definitely one option I have
considered.
Can you please explain in a little more detail how one would do 11.4.2? I
am looking at it but not sure how to verify the discovery information or
the returnTO. The text sounds similar to a second association but it does
not detail which information I would send to the OP. Do you have an
example set of parameters that I would send back to the OP from the
relying party?
Thank you
Todd Kaplinger
Project Zero Architecture and Development
http://www.projectzero.org
"Kevin Turner" <kevin at janrain.com>
07/28/2008 01:56 PM
To
Todd Kaplinger/Durham/IBM at IBMUS
cc
specs at openid.net
Subject
Re: section 11. Verifying Assertions
See section 11.4.2. Verifying Directly with the OpenID Provider.
or encode your state in a signed cookie or the return_to URL or somesuch.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080728/bff0d770/attachment-0002.htm>
More information about the specs
mailing list