Motivating Use Case
----------------------------

It is useful for an RP to know that a response to a request has already been processed and is not stale. A standard way to do this that can be incorporated into the Libraries would simplify things for the RP implementor.

Proposed Implementation
-----------------------------------

1) Allow the RP to OPTIONALLY include a nonce in the request. The nonce would be of the same format as the nonce in the response from the IdP. The IdP will include the nonce from the RP in its response.

2) Rename openid.nonce to openid.response_id and name the request nonce openid.request_id

Alternate: call them openid.response_stamp and openid.request_stamp

naming comments:

+ openid.nonce is not in use at this time, so easy to rename
+ id or stamp may make more sense to the average developer (mainly crypto and security people know what a nonce is, I have to explain to most developers)

_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
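
An RP-side sketch of the request nonce proposed above, added here as an example and not part of the original post or of any OpenID library. The `RequestTracker` class, the 300-second window and the timestamp-plus-random nonce format are assumptions; only the `openid.request_id` field name comes from the proposal.

```python
import secrets
import time
from datetime import datetime, timezone

MAX_AGE = 300  # assumed policy: seconds an outstanding request stays acceptable


def new_request_id(now):
    """Assumed nonce format: UTC timestamp followed by a random suffix."""
    stamp = datetime.fromtimestamp(now, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return stamp + secrets.token_urlsafe(12)


class RequestTracker:
    """Hypothetical RP-side record of request ids still awaiting a response."""

    def __init__(self):
        self.pending = {}  # request_id -> issue time (epoch seconds)

    def start(self, now=None):
        """Create the optional field the RP adds to its outgoing request."""
        now = time.time() if now is None else now
        rid = new_request_id(now)
        self.pending[rid] = now
        return {"openid.request_id": rid}

    def check(self, response, now=None):
        """Classify an IdP response; assumes its signature was verified first
        and that the signature covers openid.request_id."""
        now = time.time() if now is None else now
        echoed = response.get("openid.request_id", "")
        # pop() makes each id single use: a second copy of the same response
        # no longer finds an entry and is treated as a replay.
        issued = self.pending.pop(echoed, None)
        if issued is None:
            return "unknown-or-replayed"
        if now - issued > MAX_AGE:
            return "stale"
        return "ok"


if __name__ == "__main__":
    rp = RequestTracker()
    request = rp.start()
    # Constructed response: the IdP echoes the RP's value back unchanged.
    response = {"openid.request_id": request["openid.request_id"]}
    print(rp.check(response))  # first delivery
    print(rp.check(response))  # same response delivered again
```
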