[OpenID] Reconsidering http://openid different from https://openid
Johannes Ernst
jernst+openid.net at netmesh.us
Wed Sep 19 22:51:27 UTC 2007
On Sep 19, 2007, at 15:12, Josh Hoyt wrote:
> On 9/19/07, Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
>> Yes. Let's say I'm your new specialist, and you are trying to give me
>> access to your on-line medical records (i.e. you edit the ACL), but
>> instead you are giving access to somebody else whose OpenID was just
>> the same minus the 's'.
>
> If I understand correctly, you are proposing to solve this problem by
> defining identifiers differentiated only by scheme to be equivalent.
> Is that correct?
On reflection, just the following ones:
http://foo/bar
http://foo:80/bar
http://foo:443/bar
https://foo/bar
https://foo:80/bar
https://foo:443/bar
(leaving out all other schemes and/or port numbers)
In a stricter form, we could say "any port number", but that might
not be important for the general public and could get in the way of
developer testing.
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070919/d72b6ee6/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070919/d72b6ee6/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list