Minutes From Meeting Today

Chasen, Les les.chasen at neustar.biz
Mon Jun 26 01:21:19 UTC 2006

You could bind both of these URLs with one iname/inumber.


> -----Original Message-----
> From: yadis-bounces at lists.danga.com
[mailto:yadis-bounces at lists.danga.com]
> On Behalf Of Martin Atkins
> Sent: Sunday, June 25, 2006 9:51 AM
> To: yadis at lists.danga.com
> Subject: Re: Minutes From Meeting Today
> David Strauss wrote:
> > Recordon, David wrote:
> >
> >>- Recommends SSL in certain areas
> >
> >
> > My main concern is how the current spec treats
> > http://getopenid.com/david and https://getopenid.com/david as
> > identities. While I understand how there *could* be exceptions, I
> > both should be treated the same so users can gracefully move to
> > SSL identity pages. I think the lack of SSL-signed identity pages is
> > major weakness in OpenID that allows spoofing to direct
> > to a rogue server.
> >
> I think a better goal would be to figure out a way that users can
> securely migrate from one identity to another, since this comes up in
> more cases than just SSL vs. cleartext HTTP. For example, if I'm using
> username.identityprovider.com URL and I want to migrate to
> myowndomain.com, I currently have no way to prove that the two
> identities are both me.

More information about the yadis mailing list