The difference I see is that the current secrets can be renegotiated.
If we're working with non-public fragments then they cannot be.  If
we're working with public fragments, then I'm less concerned.

--David

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Josh Hoyt
Sent: Friday, June 08, 2007 10:29 AM
To: [EMAIL PROTECTED]
Cc: specs@openid.net
Subject: Re: Questions about IIW Identifier Recycling Table

On 6/7/07, David Fuelling <[EMAIL PROTECTED]> wrote:
If the token is publically viewable, then losing it is not an issue. I
do not share David's concern about depending on a secret, since both
the relying party and the provider already need to store secrets.

Josh
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs

Reply via email to