Re: [PROPOSAL] request nonce and name

2006-10-13 Thread Martin Atkins
Marius Scurtescu wrote: On 12-Oct-06, at 5:07 PM, Josh Hoyt wrote: On 10/12/06, Marius Scurtescu [EMAIL PROTECTED] wrote: If passing through all unrecognized parameters can cause problems then there could be a special namespace for this purpose. For example, all parameters with names

RE: [PROPOSAL] request nonce and name

2006-10-12 Thread Recordon, David
Josh and I chatted a good deal about this and don't believe a request nonce is actually needed. The main motivation for a request nonce is allowing a RP to retain state within the transaction. A stateful RP however already has the means to store

Re: [PROPOSAL] request nonce and name

2006-10-12 Thread Martin Atkins
Recordon, David wrote: We thus believe that any state tracking needed by a stateless RP must be maintained as GET parameters within the return_to argument. In the case of a stateful RP, it can either do the same thing, or store state via other means such as using a session id within a

Re: [PROPOSAL] request nonce and name

2006-10-12 Thread Marius Scurtescu
On 12-Oct-06, at 12:10 PM, Recordon, David wrote: We thus believe that any state tracking needed by a stateless RP must be maintained as GET parameters within the return_to argument. In the case of a stateful RP, it can either do the same thing, or store state via other means such as

Re: [PROPOSAL] request nonce and name

2006-10-12 Thread Josh Hoyt
On 10/12/06, Marius Scurtescu [EMAIL PROTECTED] wrote: If passing through all unrecognized parameters can cause problems then there could be a special namespace for this purpose. For example, all parameters with names starting with openid.pass. should be ignored by the IdP and passed back to

Re: [PROPOSAL] request nonce and name

2006-10-12 Thread Marius Scurtescu
On 12-Oct-06, at 5:07 PM, Josh Hoyt wrote: On 10/12/06, Marius Scurtescu [EMAIL PROTECTED] wrote: If passing through all unrecognized parameters can cause problems then there could be a special namespace for this purpose. For example, all parameters with names starting with openid.pass.