[OpenID] Reconsidering http://openid different from https://openid
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Sep 28 17:41:53 UTC 2007
Josh Hoyt wrote:
> Not to pick on anybody, but the first site I tried failed to work with
> HTTPS identifiers:
> http://wikitravel.org/en/Special:OpenIDLogin
>
> I think, in general, it's going to be people with hosting accounts
> where the programming environment was not linked to a SSL library, and
> not independent properties. I'm willing to bet that there are also
> sites (like Wikitravel) that didn't have any need for SSL support in
> the past, so they made the (quite reasonable) choice when setting up
> the machine not to install software that wasn't needed.
>
Josh, I think per concept, the RP doesn't have to implement SSL (https).
Obviously it would be preferred perhaps, but not a requirement. Much
different the ID provider should be the one with SSL support and
redirect to its own https://user.provider
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070928/b9ff0c80/attachment-0002.htm>
More information about the general
mailing list