OpenID 3.0

Eddy Nigg (StartCom Ltd.) eddy_nigg at startcom.org
Mon Feb 4 18:45:12 UTC 2008


McGovern, James F (HTSC, IT) wrote:
> One of the scenarios that reputation would need to consider is the
> security of all channels. For example, in my role I may deem that I will
> only trust interactions that occurred 100% over SSL. If someone
> specified an HTTP Open ID (e.g. http://james.myopenid.com/) and not
> (https://james.moresecureopenid.com) then I can ignore the entire flow.

Not entirely correct. The OpenID could even be entered as
"james.myopenid.com", but the interaction with the OpenID server can be
in SSL mode, plus the OP returns openid.identity =
https://james.myopenid.com . At this stage the RP can make a decision,
not before, I think.

-- 
Regards 
 
Signer:  	Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:  	startcom at startcom.org <xmpp:startcom at startcom.org>
Blog:  	Join the Revolution! <http://blog.startcom.org>
Phone:  	+1.213.341.0390
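
Added example, not part of the original message: a sketch of an RP-side "SSL only" policy applied at the stage the reply describes, that is, to the URLs in the OP's positive assertion rather than to the string the user typed. The function name `non_https_fields`, the hosts `rp.example` and `op.example`, and the sample assertions are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# URL-valued fields of an OpenID 2.0 positive assertion.
URL_FIELDS = ("openid.claimed_id", "openid.identity",
              "openid.op_endpoint", "openid.return_to")


def non_https_fields(assertion_url):
    """List the assertion fields that are missing or not https.

    An empty list means every URL in the assertion meets the policy.
    The identifier the user typed is deliberately not an input.
    This is a policy check only; it does not replace verifying the
    assertion's signature.
    """
    received = urlsplit(assertion_url)
    params = {k: v[0] for k, v in parse_qs(received.query).items()}
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive assertion")
    # The redirect back to the RP is itself one of the channels.
    failures = [] if received.scheme == "https" else ["request to RP"]
    for field in URL_FIELDS:
        url = urlsplit(params.get(field, ""))
        if url.scheme != "https" or not url.hostname:
            failures.append(field)
    return failures


def _assertion(identity):
    # Constructed sample: the URL the user agent is redirected to at the RP.
    return_to = "https://rp.example/return"
    return return_to + "?" + urlencode({
        "openid.mode": "id_res",
        "openid.claimed_id": identity,
        "openid.identity": identity,
        "openid.op_endpoint": "https://op.example/server",
        "openid.return_to": return_to,
    })


HTTPS_ASSERTION = _assertion("https://james.myopenid.com/")
HTTP_ASSERTION = _assertion("http://james.myopenid.com/")

if __name__ == "__main__":
    for name, url in (("https", HTTPS_ASSERTION), ("http", HTTP_ASSERTION)):
        print(name, non_https_fields(url) or "all https")
```

The check covers only what the assertion reports; whether discovery of the identifier was fetched over TLS has to be enforced separately in the RP's HTTP client.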
 
