openid.nonce added

Karl Koscher mrsaturn at
Fri May 20 23:42:29 PDT 2005

Brad Fitzpatrick wrote:

>Nonce support has been added to the protocol.  Optional for consumers to
>send.  Required for identity servers to echo back and sign.
Erm, is this really necessary? Can't a consumer just include something 
like that in their return URL, that in turn is part of the message 
hashed by the identity server? It seems like an extra implementation 
detail that doesn't really get you anything that you couldn't get 
otherwise, but perhaps I'm missing something?

- Karl

More information about the yadis mailing list