On 12-Oct-06, at 5:07 PM, Josh Hoyt wrote:

> On 10/12/06, Marius Scurtescu <[EMAIL PROTECTED]> wrote:
>> If passing through all unrecognized parameters can cause problems
>> then there could be a special namespace for this purpose. For
>> example, all parameters with names starting with openid.pass. should
>> be ignored by the IdP and passed back to the RP.
> Yahoo Browser-based authentication [1] has a single parameter called
> "appdata" (that you can find in [2]) that is used for this purpose.
> This seems general enough to me.

True, even one single pass through parameter should do.

specs mailing list

Reply via email to