On Thu, May 22, 2008 at 9:27 AM, Gary Helmling <[EMAIL PROTECTED]> wrote:
> All that encryption adds is hiding the values themselves (owner id,
> viewer id, module id, app id, domain, app url), which given the values
> and the fact that they're probably available in many other ways, I'm
> wondering what the benefit of hiding those is.

You are absolutely correct that integrity is essential for the token,
and encryption may be optional.

As an example of why encryption may be useful consider Google: we have
internal identifiers for users that we keep secret.  We are willing to
give gadgets an opaque identifier for the user, but not our real
internal identifier.

I suggest that everyone encrypt this token, for the following reasons:
- opacity of the token keeps gadgets from making unsafe assumptions
about token format.
- sometimes there is confidential information in the token.
- encryption is easy and cheap.  There is no downside.

If you have some particular environment where you can't use encryption
for the token, that's fine, but please be cautious about recommending
that other people not encrypt.  They are not necessarily working in
your environment.

Cheers,
Brian
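
The trade-off discussed in this message, as an added example that is not part of the original email or of any project's code: a signed-only token keeps its values readable to the gadget, while an AES-256-GCM token is both tamper-evident and opaque. The function names, claim field names, token layout (iv, tag, ciphertext) and key are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed sample claims; field names follow the values listed in the thread.
const sampleClaims = { owner: 'internal-1001', viewer: 'internal-1002', module: 7,
  app: 42, domain: 'example.org', url: 'http://example.org/gadget.xml' };

// Integrity only: an HMAC stops modification, but the claims stay readable.
function signOnly(key, claims) {
  const body = Buffer.from(JSON.stringify(claims)).toString('base64url');
  const mac = nodeCrypto.createHmac('sha256', key).update(body).digest('base64url');
  return `${body}.${mac}`;
}

// What any gadget can do with a signed-only token, without the key.
function peekSigned(token) {
  return JSON.parse(Buffer.from(token.split('.')[0], 'base64url').toString('utf8'));
}

// Integrity and confidentiality: AES-256-GCM, output is iv || tag || ciphertext.
function seal(key, claims) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every token
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(claims), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64url');
}

// Container side: returns the claims, throws if the token was altered.
function unseal(key, token) {
  const raw = Buffer.from(token, 'base64url');
  if (raw.length < 28) throw new Error('malformed token');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12),
    { authTagLength: 16 });
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]); // final() checks the tag
  return JSON.parse(pt.toString('utf8'));
}

const demoKey = nodeCrypto.randomBytes(32); // constructed demo key
console.log('signed-only, readable by gadget:', peekSigned(signOnly(demoKey, sampleClaims)).owner);
console.log('sealed, opaque to gadget:', seal(demoKey, sampleClaims));
```
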