mrsaturn at teencity.org
Fri May 20 23:42:29 PDT 2005
Brad Fitzpatrick wrote:
>Nonce support has been added to the protocol. Optional for consumers to
>send. Required for identity servers to echo back and sign.
Erm, is this really necessary? Can't a consumer just include something
like that in their return URL, that in turn is part of the message
hashed by the identity server? It seems like an extra implementation
detail that doesn't really get you anything that you couldn't get
otherwise, but perhaps I'm missing something?
More information about the yadis