that ess in 'https'
grant at janrain.com
Tue Jun 27 19:19:25 UTC 2006
On 6/27/06, Martin Atkins <mart at degeneration.co.uk> wrote:
> I think my favourite solution right now is to require relying parties to
> support SSL and then use the existing "canonicalization through
> redirection" feature of OpenID to solve this problem. The problem that
> doesn't address is where an identity provider starts off on cleartext
> and migrates to SSL, which admittedly I don't have a good answer to.
I agree whole heartedly. I'd been wanting to post something to this effect
but hadn't found the time. Thanks Martin!
More information about the yadis