include full origin (inc. scheme) in generated assertions.  To preserve compatibility, allow the rp to omit scheme in post data, and subsequent to verification, return whatever the rp sent us.  issue #82

added issuer back to verifier response, using now hostname only of issuer, since that's all we will have for primaries, e.g. @gmail.com

find instances of console.log() and send them to the logger instead, when running under dev harness also route to console.  issue #169

rather than imposing restrictions on structure of logged objects we should make all required fields proper parameters that are obvious upon inspection of the signature of the log function. issue #168

verifier now accepts parameters over POST in addition to GET, use of the former is preferred and user identifiable data out of http logs.  closes #96

verifier now responds to requests to / and to /verify.  in production we're routing verify calls to the latter (via nginx).  closes #67

simplify verifier a bit to make it simpler to use either off the same domain as browserid.org OR on its own domain.

add /code_update handlers to all servers to allow unpriviled users with localhost access on the machine to shut them down with an http request (for code update)

implement localstorage caching of ids and pubkeys, stub out assertion generation crypto and use it from client code

migrate to the connect framework for node.js, specifically this provides session management middleware