Question on Association Secrets
Oliver Welter
mail at oliwel.de
Mon Mar 10 10:27:30 UTC 2008
Hi All,
I am a reaerch assistant and working on the field of trusted computing
and privacy protection and currently evaluate benefits of OpenID and
TC-Infrastructures.
One thing that is unclear for me from the spec, is about the association
secret / session.
1) Is an individual session dedicated to an Identifier/OP Combo, or is a
secret/session used for different Identifiers which are served by the
same OP?
2) Is support of "No-Encryption over TLS" mandatory for each RP?
TIA
Oliver
--
Protect your environment - close windows and adopt a penguin!
PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF 8168 CAB7 B0DD 3985 1721
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080310/adedb04a/attachment-0002.pgp>
More information about the specs
mailing list