[OpenID] Reconsidering http://openid different from https://openid
John Panzer
jpanzeracm at johnpanzer.com
Fri Sep 28 15:03:10 UTC 2007
Jack wrote:
> George Fletcher wrote:
>
>>So, just to make sure I've got the best practices from this thread...
>>
>>
>>1. OPs: Support HTTPS and always redirect the http version to the
>>https version
>
>
> From what I've read, that particular practice would be inconsistent with
> some RPs, which apparently don't support HTTPS. This is such a nuisance;
> surely a better way of putting it is that such RPs are inconsistent with
> secure OpenID?
>
Is there a concrete case of a real-world RP that can't easily support
(the client side of) https? Not saying one doesn't exist, just that I
don't know of one, and it would be good to have a concrete case
documented if it does exist.
More information about the general
mailing list