[security] HTTP and HTTPS URL issue (was RE: security)

[Josh Hoyt]

On 10/27/06, Eddy Nigg (StartCom Ltd.) <eddy_nigg at startcom.org> wrote:
>  BTW, did anybody of you notice, that the exchange of information
> (assoc_handle / shared secret) between the RP and IDP is completely
> optional?

Certainly, since I am one of the authors of the specification and
several libraries. Good to see that you've started looking at the
spec.

Why do you mention it?

Josh