[OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP implementations)
Peter Williams
pwilliams at rapattoni.com
Sun Jan 4 21:40:39 UTC 2009
Wherever I typed SP, read RP.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Peter Williams
Sent: Sunday, January 04, 2009 12:36 PM
To: Andrew Arnott
Cc: general at openid.net
Subject: Re: [OpenID] The HTTPS in the OpenID (Re: Bug in OpenID RP implementations)
Ok!
Let me assume we now BELIEVE we actually COULD leverage the (highly least-privilege-centric) .NET platform (operating in a constrained IIS7 data center hosted environment) to build our "custom" cert trust models, suiting openid discovery (operating in an UCI threat environment). That is: we have at least removed the status quo barrier.
We can now get back to design issues. What _should_ the custom chain validation logic be, and how should it cooperate with cert-based namespace controls invoked by the vanity https URLs used during discovery and any
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090104/1cf4fa3f/attachment-0002.htm>
More information about the general
mailing list