On Wed, Feb 10, 2010 at 1:39 PM, Brian Smith <br...@briansmith.org> wrote:
> The subject does not want just **anybody** to verify his identity; he only > wants the **relying party** to be able to verify his identity. > If I understand correctly, a URL signed using OAuth can be accessed successfully only once, because of the oauth-nonce parameter. Or atleast, it is possible to implement such a restriction at the identity provider's end. -- Harshad RJ http://hrj.wikidot.com