a little wrapper file to run the implementation provider/secondary thingy standalone outside of the test harness

generate a persistent secret for cookie encryption at first server run.  still in pursuit of zero-config and as stateless as possible.

another patch to cookie-sessions.  don't bring the server down when a bad cookie is detected.  just ignore it

fix boogs: now running on firefox.  deal with the strange session preservation properties of the navigator object, and lockdown the jschannel so that include.js only speaks to its intended audience

move to encrypted cookies for persistent auth with the IP, fix several usability bugs related to the abscense of this

fix crypto-stubs.js to include embedded versions of prng and rng, also improve RP output and fiddle with the JSAPI a bit.  now an assertion is represented as an object where .jwt is the signed jwt blob, and convenience keys are populated from the blob

Conflicts:
	authority/static/dialog/crypto-stubs.js

take a step back.  remove the server component from the RP, just use static resources and cross domain XHR.  the in-repo test RPs should be as simple as possible

clean up webfinger support in authority: use mustache for templating cause it's hot, include Subject tag, support & expect acct: prefix