[OpenID] Using HTTPS Openid Providers
Johnny Bufu
johnny at sxip.com
Wed Jun 13 21:37:51 UTC 2007
On 13-Jun-07, at 2:03 PM, Josh Hoyt wrote:
>> Are there examples of https openid provider out their? (this might
>> be a
>> silly question)
>
> MyOpenID.com supports SSL, but works both ways. For example, both
> https://josh.myopenid.com/ and http://josh.myopenid.com/ work.
Sxipper also uses SSL, both for the OP-endpoint and for identifiers.
For the OP-endpoint we've also defined a lower priority HTTP service
endpoint.
Identifiers are HTTPS-only though; providing both HTTP and HTTPS
identifiers to a user may confuse them, because they will end up
using different identities if they log into an RP by presenting
"user.op.com" vs "https://user.op.com".
Johnny
More information about the general
mailing list