[OpenID] Reconsidering http://openid different from https://openid
Josh Hoyt
josh at janrain.com
Fri Sep 28 15:38:13 UTC 2007
On 9/28/07, John Panzer <jpanzeracm at johnpanzer.com> wrote:
> Is there a concrete case of a real-world RP that can't easily support
> (the client side of) https? Not saying one doesn't exist, just that I
> don't know of one, and it would be good to have a concrete case
> documented if it does exist.
Not to pick on anybody, but the first site I tried failed to work with
HTTPS identifiers:
http://wikitravel.org/en/Special:OpenIDLogin
I think, in general, it's going to be people with hosting accounts
where the programming environment was not linked to a SSL library, and
not independent properties. I'm willing to bet that there are also
sites (like Wikitravel) that didn't have any need for SSL support in
the past, so they made the (quite reasonable) choice when setting up
the machine not to install software that wasn't needed.
I'm sure that if you look for relying parties that are on hosted PHP
servers, you'll find some more. My previous statements about lack of
SSL support come from switching MyOpenID.com to default to the HTTPS
endpoint and then dealing with the steady stream of support requests
about OpenID failing where it used to succeed.
Josh
More information about the general
mailing list