that ess in 'https'

Grant Monroe grant at
Tue Jun 27 19:19:25 UTC 2006

On 6/27/06, Martin Atkins <mart at> wrote:
> I think my favourite solution right now is to require relying parties to
> support SSL and then use the existing "canonicalization through
> redirection" feature of OpenID to solve this problem. The problem that
> doesn't address is where an identity provider starts off on cleartext
> and migrates to SSL, which admittedly I don't have a good answer to.

I agree whole heartedly. I'd been wanting to post something to this effect
but hadn't found the time. Thanks Martin!

 Grant Monroe
 JanRain, Inc.

More information about the yadis mailing list