[OpenID] Selectively Redirecting OpenID Traffic To HTTPS
Eric Norman
ejnorman at doit.wisc.edu
Fri Jan 11 13:06:34 UTC 2008
On Jan 11, 2008, at 5:57 AM, Trevor Johns wrote:
> According to the OpenID spec, HTTPS identifiers are recommended over
> HTTP. Since the default scheme for a URL identifier is HTTP, the spec
> also recommends creating a redirect from the HTTP version of a URL to
> the HTTPS version of a URL when possible.
>
> While creating this redirect isn't itself a problem, I don't want to
> send visitors to the HTTPS version of my site unless necessary. Is
> there any way to selectively redirect OpenID traffic to HTTPS without
> affecting normal traffic?
Since AT&T and others would like to monitor and filter
traffic that they handle, perhaps it would be better
for your visitors if HTTPS were the normal case. See
http://bits.blogs.nytimes.com/2008/01/08/att-and-other-isps-may-be-
getting-ready-to-filter/
Eric Norman
More information about the general
mailing list