I'm more concerned about the response nonce functionality then the name. I was looking for a name that was more commonly used. SAML uses ID as the name of the nonce.
-- Dick On 1-Oct-06, at 3:27 AM, Recordon, David wrote: > I don't inherently see a problem with this, though it can't be > required since relying parties may not be able to keep state. > > I'd vote for openid.request_nonce and openid.response_nonce just in > making it clear what they actually are. I'm fine linking people > off to WikiPedia (http://en.wikipedia.org/wiki/ > Cryptographic_nonce), but that's just me. > > In any case, even if a request nonce isn't added, I’d like to see > openid.nonce renamed to openid.response_nonce. > > --David > > > -----Original Message----- > From: [EMAIL PROTECTED] on behalf of Dick Hardt > Sent: Sat 9/30/2006 4:57 PM > To: specs@openid.net > Subject: [PROPOSAL] request nonce and name > > Motivating Use Case > ---------------------------- > It is useful for an RP to know that a response to a request has > already been processed and is not stale. > A standard way to do this that can be incorporated into the Libraries > would simplify things for the RP implementor > > > Proposed Implementation > ----------------------------------- > 1) Allow the RP to OPTIONALLY include a nonce in the request. The > nonce would be of the same format as the nonce in the response from > the IdP. The IdP will include the nonce from the RP in its response. > > 2) rename openid.nonce to openid.response_id and name the request > nonce openid.request_id > > Alternate: call them openid.response_stamp and openid.request_stamp > > naming comments: > + openid.nonce is not in use at this time, so easy to rename > + id or stamp may make more sense to the average developer (mainly > crypto and security people know what a nonce is, I have to explain to > most developers) > > > _______________________________________________ > specs mailing list > specs@openid.net > http://openid.net/mailman/listinfo/specs > > > _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs