<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
McGovern, James F (HTSC, IT) wrote:<br>
<blockquote
cite="mid:7E17878DC3BD7640949FBBE9F7FCABC6A0EBC5@AD1HFDEXC306.ad1.prod"
type="cite">
<pre wrap="">
One of the scenarios that reputation would need to consider is the
security of all channels. For example, in my role I may deem that I will
only trust interactions that occurred 100% over SSL. If someone
specified an HTTP Open ID (e.g. <a class="moz-txt-link-freetext" href="http://james.myopenid.com/">http://james.myopenid.com/</a>) and not
(<a class="moz-txt-link-freetext" href="https://james.moresecureopenid.com">https://james.moresecureopenid.com</a>) then I can ignore the entire flow.</pre>
</blockquote>
Not entirely correct. The OpenID could even be entered as
"james.myopenid.com", but the interaction with the OpenID server can be
in SSL mode, plus the OP returns openid.identity =
<a class="moz-txt-link-freetext" href="https://james.myopenid.com">https://james.myopenid.com</a>. At this stage the RP can make a decision,
not before, I think.<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, <a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>Jabber: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Phone: </td>
<td>+1.213.341.0390</td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
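<p>Added example, not part of the original message or of any OpenID library: a relying-party check that judges each leg of a completed flow for https, contrasting a decision on the typed identifier with one taken after the OP has returned openid.identity. The function names, the op.example endpoint and the list of discovery URLs are assumptions made up for the illustration.</p>

```python
from urllib.parse import urlsplit

def is_https(url):
    """True only for an absolute https URL with a host."""
    parts = urlsplit(url)
    return parts.scheme.lower() == "https" and bool(parts.netloc)

def normalize_input(user_input):
    """OpenID 2.0 normalization of a URL identifier: a missing scheme becomes http://."""
    text = user_input.strip()
    if "://" not in text:
        text = "http://" + text
    return text

def evaluate_channels(user_input, fetched_urls, op_endpoint, assertion):
    """Report which legs of a completed flow used https (hypothetical helper).

    fetched_urls: every URL the RP requested during discovery, redirects included.
    assertion: openid.* fields of a positive assertion whose signature is already verified.
    """
    report = {
        "typed_identifier": is_https(normalize_input(user_input)),
        # An empty discovery record proves nothing, so it does not count as secure.
        "discovery": bool(fetched_urls) and all(is_https(u) for u in fetched_urls),
        "op_endpoint": is_https(op_endpoint),
        "asserted_identity": is_https(assertion.get("openid.identity", "")),
    }
    # Decision taken once the OP has answered: server channel plus returned identity.
    report["accept_at_assertion"] = report["op_endpoint"] and report["asserted_identity"]
    # Stricter reading of "100% over SSL": the discovery fetches count as channels too.
    report["accept_all_ssl"] = report["accept_at_assertion"] and report["discovery"]
    return report

# Constructed sample flow: schemeless input, discovery redirected to https,
# and the OP answers with an https identity.
SAMPLE = evaluate_channels(
    "james.myopenid.com",
    ["http://james.myopenid.com/", "https://james.myopenid.com/"],
    "https://op.example/server",  # placeholder endpoint, not a real OP
    {"openid.mode": "id_res", "openid.identity": "https://james.myopenid.com"},
)

if __name__ == "__main__":
    for leg, ok in SAMPLE.items():
        print(f"{leg:20} {'https' if ok else 'NOT https'}")
```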
</body>
</html>