paul at ciphergoth.org
Mon Jun 6 01:57:21 PDT 2005
Martin Atkins wrote:
> It's quite possible that I've missed something somewhere along the line,
> but I feel it's a good idea to point out that form-urlencoded doesn't
> enforce a parameter order, and the recieving end will need to know the
> parameter order so that it can check the hash.
We explicitly specify which parameters are signed and in what order with
the comma-separated "openid.signed" field, so it's not too hard to
assemble the token in order to check the signature.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the yadis