[OpenID] Reconsidering http://openid different from https://openid
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Fri Sep 28 18:25:36 UTC 2007
Josh Hoyt wrote:
> On 9/28/07, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
>
>> Josh, I think per concept, the RP doesn't have to implement SSL (https). Obviously
>> it would be preferred perhaps, but not a requirement. Much different the ID provider
>> should be the one with SSL support and redirect to its own https://user.provider
>>
>
> I meant the ability to *make* HTTPS requests (e.g. with libcurl). The
> relying party certainly needs to do this if the transaction is to take
> place over HTTPS.
>
Thanks for your clarification. I'd except most (any) hosting provider
who supports PHP to have the "standard" modules available.
Libcurl/OpenSSL one of them...but one never knows ;-) It would certainly
be hurdle for the ones in such a situation.
--
Regards
Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070928/57639360/attachment-0002.htm>
More information about the general
mailing list