[OpenID] AOL, directed identity, and https?
Peter Watkins
peterw at tux.org
Fri Jun 11 20:25:51 UTC 2010
It's been 9 months since we saw this headline:
Yahoo!, PayPal, Google, Equifax, AOL, VeriSign, Acxiom,
Citi, Privo, Wave Systems Pilot Open Identity for Open Government
(http://openid.net/2009/09/09/yahoo-paypal-google-equifax-aol-verisign-acxiom-citi-privo-wave-systems-pilot-open-identity-for-open-government-2/)
and I understood that one of the US Government's ICAM
requirements for OpenID OPs was to use 100% https. Last month
I checked AOL again and it is *very* close to providing what
I expected -- I can use https://api.screenname.aol.com/auth/
for a directed identity login with AOL. But the final identifiers
are http:// URLs ("https://api.screenname.aol.com/auth/screenname"
or "https://api.screenname.aol.com/auth/biglongrandomstringhere").
Is this AOL's final plan, or will they move to using https:
URIs for individual identifiers?
As far as I know, Google and Yahoo! are still the only really
big OPs that offer 100% https directed identity logins. This does
simplify our NASCAR RP login page, but I'm disappointed not to be
able to offer AOL and Windows Live... are there other big players
whose logos I should consider adding, OPs with 100% https directed
identity solutions in place now?
Thanks,
Peter
More information about the general
mailing list