[OpenID] Reconsidering http://openid different from https://openid
Johannes Ernst
jernst+openid.net at netmesh.us
Thu Sep 20 19:18:42 UTC 2007
On Sep 19, 2007, at 20:58, Dick Hardt wrote:
> On 19-Sep-07, at 8:56 PM, Johannes Ernst wrote:
>
>> Fair enough, the definition of the solution might be a bit more
>> complex then, but that doesn't mean the problem as I raised it and
>> others expanded on it does not exist.
>>
>> Perhaps we need to phrase this in requirements for the OP and the RP.
>> Let me try -- I'm sure people will find holes in this, but perhaps it
>> gets us a step further: first, for brevity, define SEQU the list of
>> "semantically equivalent URLs" as listed below.
>>
>> For OPs:
>> OPs MUST ensure that if it makes available more than one identifier
>> in an SEQU for use as an OpenID, all identifiers in the SEQU are
>> controlled by the same party.
>>
>> For RPs:
>> RPs MUST ensure that all identifiers in a SEQU are associated with
>> the same account, provided, however, that an account last accessed
>> with an HTTPS identifier in the SEQU must be prevented from being
>> accessed with an HTTP identifier in the SEQU unless the account
>> owner, authenticated using an HTTPS identifier, has specifically
>> allowed it. (The idea is to only allow the ratcheting up of
>> security, not down)
>>
>> How's that?
>
> Note OPs are not the only one making identifiers available.

So you are saying that this set of rules is not complete due to
delegation?

I'm focusing on the non-delegated case because unless we can get that
fixed, there is no hope to get the delegated case fixed. Of course it
does not imply that solving the non-delegated case solves the
delegated case.

Or am I misunderstanding?

Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
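
The RP rule proposed in the quoted text above, sketched as an added example that is not part of the original message or of any OpenID library. It assumes a SEQU contains only identifiers that differ in scheme (http vs https), since the thread's full SEQU list is not reproduced here; `AccountStore`, `sequ_key` and the identifiers are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = {"http": 80, "https": 443}

class DowngradeRefused(Exception):
    """HTTP identifier used on an account last accessed over HTTPS."""

def sequ_key(identifier):
    # ASSUMPTION: identifiers are in the same SEQU when they differ only in
    # scheme; the full list of equivalences from the thread is not modelled.
    u = urlsplit(identifier)
    scheme = u.scheme.lower()
    if scheme not in DEFAULT_PORT or not u.hostname:
        raise ValueError("not an http(s) identifier: %r" % identifier)
    port = None if u.port in (None, DEFAULT_PORT[scheme]) else u.port
    return scheme, (u.hostname, port, u.path or "/", u.query)

class AccountStore:
    """Hypothetical RP account table keyed by SEQU, not by raw identifier."""

    def __init__(self):
        self._accounts = {}

    def login(self, verified_identifier):
        # Call only after the OpenID assertion for this identifier verified.
        scheme, key = sequ_key(verified_identifier)
        acct = self._accounts.setdefault(
            key, {"id": len(self._accounts) + 1, "last": None, "http_ok": False})
        # Ratchet: once HTTPS was used, HTTP is refused unless the owner opted in.
        if scheme == "http" and acct["last"] == "https" and not acct["http_ok"]:
            raise DowngradeRefused(verified_identifier)
        acct["last"] = scheme
        return acct["id"]

    def allow_http(self, session_identifier):
        # Only a session authenticated with the HTTPS identifier may opt in.
        scheme, key = sequ_key(session_identifier)
        if scheme != "https" or key not in self._accounts:
            raise PermissionError("opt-in requires an HTTPS-authenticated session")
        self._accounts[key]["http_ok"] = True

if __name__ == "__main__":
    store = AccountStore()  # identifiers below are constructed samples
    print(store.login("http://alice.example.com/"))   # creates the account
    print(store.login("https://alice.example.com/"))  # same account, ratchets up
    try:
        store.login("http://alice.example.com/")
    except DowngradeRefused as exc:
        print("refused:", exc)
```
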