<HTML>
<HEAD>
<TITLE>Re: [OpenID] Facebook Connect in 8 minutes, feat Luke Shephard</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>At the option of the relying party / application, yes.<BR>
<BR>
<a href="http://wiki.developers.facebook.com/index.php/Facebook_Connect_Via_SSL">http://wiki.developers.facebook.com/index.php/Facebook_Connect_Via_SSL</a><BR>
<BR>
<BR>
On 12/12/08 11:15 AM, "Eddy Nigg (StartCom Ltd.)" <<a href="eddy_nigg@startcom.org">eddy_nigg@startcom.org</a>> wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>On 12/12/2008 07:59 PM, Luke Shepard: <BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'> Re: [OpenID] Facebook Connect in 8 minutes, feat Luke Shephard <BR>
<BR>
In short, the cost of implementing Connect or OpenID without the help of a Javascript library is greater than the expected cost of a security breach by embedding a third-party Javascript library. Hence, most businesses will choose the library.<BR>
<BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>Is the script served over SSL/TLS?<BR>
<BR>
<BR>
Regards <BR>
<BR>
Signer: Eddy Nigg, StartCom Ltd. <<a href="http://www.startcom.org">http://www.startcom.org</a>> <BR>
Jabber: <a href="startcom@startcom.org">startcom@startcom.org</a> <<a href="xmpp:startcom@startcom.org">xmpp:startcom@startcom.org</a>> <BR>
Blog: Join the Revolution! <<a href="http://blog.startcom.org">http://blog.startcom.org</a>> <BR>
Phone: +1.213.341.0390 <BR>
<BR>
<BR>
<BR>
</SPAN></FONT></BLOCKQUOTE>
</BODY>
</HTML>