On Mon, 30 Oct 2006, Francis Cianfrocca wrote:

> I probably shouldn't get into this because it's offtopic, but why not just
> use a plain-vanilla federated identity solution with the external provider?

Because encrypting the id and putting it into the URL is trivial to 
implement, costs nothing, is sufficiently secure for this application, and 
provides the external folks with the information that they need.


Kirk Haines