<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>Re: that ess in 'https'</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText8222 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>I'd imagine LiveJournal would
never be a compliant IdP then :-\ We can't raise the bar too high for
either an IdP or RP. I don't mind as much for IdPs, but still want it to
be fairly simple.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>--David</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> yadis-bounces@lists.danga.com on behalf of
Dag Arneson<BR><B>Sent:</B> Tue 6/27/2006 4:24 PM<BR><B>To:</B>
yadis@lists.danga.com<BR><B>Cc:</B> Martin Atkins<BR><B>Subject:</B> Re: that
ess in 'https'<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>How about this scheme:<BR><BR>Require IDPs to support serving
both http and https ID URLs, with both<BR>required to map to the same
identity. But relying parties can choose<BR>which to support, so RPs that
do sensitive things will only support<BR>https URLs, while PhpBBs and similar
applications can use the less<BR>secure http
URL.<BR><BR><BR><BR><BR></FONT></P></DIV>
</BODY>
</HTML>