[OpenID] Using HTTPS Openid Providers
Eric Norman
ejnorman at doit.wisc.edu
Wed Jun 13 20:50:09 UTC 2007
On Jun 13, 2007, at 2:58 PM, Immad Akhund wrote:
> Hi,
>
> I know the openid spec says that there isn't a problem with using
> https but if I was to make an openid provider that only worked over
> https is there likely to be any openid consumer that cannot handle
> that?
If the OpenID is of the form https://username.openid.provider, then
login might fail
because the name in the SSL certificate for the OpenID provider
certificate might
not match what was typed. The OpenID community says that this is the
fault of
the OP for failing to get a wild-card certificate. They also assert
that the
"not match what was typed" is part of the SSL protocol (which it isn't)
and
therefore out of scope;
> Are there examples of https openid provider out their? (this might be
> a silly question)
Try getting an OpenID from protectnetwork.org and see if you can log
in using an OpenID like https://username.protectnetwork.org
Eric Norman
ejnorman.blogspot.com
More information about the general
mailing list