[OpenID] Calling OpenID 2.0 editors (wasRE:ProblemswithOpenIDand TAG httpRange-14)
Steven Churchill
steven.churchill at ootao.com
Thu Mar 13 00:26:35 UTC 2008
Good stuff John.
So you are saying that the RP client needs to follow all redirects and that
for security the final one SHOULD be an https endpoint -- and that this
final https URL is what a smart RP would use for its PK.
+1.
~ Steve
_____
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Drummond Reed
Sent: Wednesday, March 12, 2008 4:22 PM
To: general at openid.net
Subject: Re: [OpenID] Calling OpenID 2.0 editors
(wasRE:ProblemswithOpenIDand TAG httpRange-14)
RE the whole subject of OpenID identifiers, John Bradley has posted the
following blog entry:
http://thread-safe.livejournal.com/9907.html
It's a good read not just about the evolution of the different options but
also about the security implications.
=Drummond
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080312/e471d370/attachment-0002.htm>
More information about the general
mailing list