On Wed, Feb 10, 2010 at 1:39 PM, Brian Smith <br...@briansmith.org> wrote:

> The subject does not want just **anybody** to verify his identity; he only
> wants the **relying party** to be able to verify his identity.

If I understand correctly, a URL signed using OAuth can be accessed
successfully only once, because of the oauth-nonce parameter. Or atleast, it
is possible to implement such a restriction at the identity provider's end.

Harshad RJ

Reply via email to