[OpenID] Reconsidering http://openid differentfrom https://openid
Peter Williams
pwilliams at rapattoni.com
Wed Sep 19 22:37:21 UTC 2007
RP adoption I guess? RPs can prompt the users and consolidate two
accounts associated with HTTP and HTTPS identifiers today if they so
desire, even without any change to the OpenID spec. They will still
be treating the two identifiers as different as far as the OpenID
protocol is concerned, just bind them to the same RP account.
https://homepw.myopenid.com is a different account on LiveJournal than http://homepw.myopenid.com.
A note to self written logged in as the latter was not visible when logged in as the former.
The IDP (myopenid) challenged me to authenticate as the fully-qualifier URL (rather than the name I actually typed "homepw.myopenid.com" in the http case).
As Id expect the IDP (myopenid) challenged me to authenticate as the fully-qualifier https URL (given I typed "https://homepw.myopenid.com" in this case).
Logging back in as the https variant showed a change made on the previous vist as https://...
Neither account get one the privilege to maintain a Journal. A openid account is a second class citizen, in this area.
More information about the general
mailing list