security
Josh Hoyt
josh at janrain.com
Wed Oct 25 17:40:36 UTC 2006
On 10/25/06, Chris Drake <christopher at pobox.com> wrote:
> No "Users" need to install SSL - only all RPs and IdPs
If the user uses a URL identifier of his own, the security of their
authentication is only as good as the security of their identifier
URL, because this is how the IdP is discovered. Thus, if SSL is
required for IdPs and RPs, it will be required for any user who brings
their own URL identifier.
Josh
More information about the general
mailing list