that ess in 'https'

Grant Monroe grant at janrain.com
Tue Jun 27 19:19:25 UTC 2006


On 6/27/06, Martin Atkins <mart at degeneration.co.uk> wrote:
> I think my favourite solution right now is to require relying parties to
> support SSL and then use the existing "canonicalization through
> redirection" feature of OpenID to solve this problem. The problem that
> doesn't address is where an identity provider starts off on cleartext
> and migrates to SSL, which admittedly I don't have a good answer to.
>

I agree whole heartedly. I'd been wanting to post something to this effect
but hadn't found the time. Thanks Martin!

--
 Grant Monroe
 JanRain, Inc.


More information about the yadis mailing list