Question on Association Secrets
Kevin Turner
kevin at janrain.com
Tue Mar 11 18:20:55 UTC 2008
On Mon, 2008-03-10 at 11:27 +0100, Oliver Welter wrote:
> 1) Is an individual session dedicated to an Identifier/OP Combo, or is a
> secret/session used for different Identifiers which are served by the
> same OP?
Associations are for a pair of (RP, OP), usable for any communication
between them regardless of identifier.
> 2) Is support of "No-Encryption over TLS" mandatory for each RP?
An RP that does not work when asked to communicate with an HTTPS
endpoint does not have a fully compliant installation of the protocol.
However, there do exist a number of these installations in the wild.
More information about the specs
mailing list