[OpenID] RPs accepting https:// identifiers
Eric Norman
ejnorman at doit.wisc.edu
Mon Aug 11 22:26:01 UTC 2008
On Aug 11, 2008, at 4:42 PM, SitG Admin wrote:
> >The obvious issue is that -- to my knowledge --
> https://openid.sun.com/user != http://openid.sun.com/user.
>
> What if, for some crazy reason, a site actually *wants* to make
> https://site.com/user a different page than http://site.com/user? For
> instance, I could make a "Profile" page available via HTTP that
> doesn't include any information I don't want to be captured in transit
> - and then have *another* version of the same page, over HTTPS, *with*
> that information.
>
> Still the same user, though.
What if? Then I would say that you're a lot more interested
in demonstrating your cleverness and trickiness than you are
in providing something that users can understand and use.
"Crazy" is the right adjective.
Eric Norman
More information about the general
mailing list