Dag Arneson dag at
Tue Jun 27 23:24:22 UTC 2006

How about this scheme:

Require IDPs to support serving both http and https ID URLs, with both 
required to map to the same identity.  But relying parties can choose 
which to support, so RPs that do sensitive things will only support 
https URLs, while PhpBBs and similar applications can use the less 
secure http URL.
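
An added example, not part of the original post: a relying-party check for the scheme proposed above, where the http and https forms of an ID URL yield one identity key and each RP decides which schemes it accepts. The function names, the `id.example` URLs and the rule that "same identity" means same host and path are assumptions of this sketch.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


class SchemeNotAccepted(ValueError):
    """The RP's policy does not allow this identity URL's scheme."""


def identity_key(id_url):
    """Return (scheme, key); key is identical for the http and https forms.

    Assumption: "same identity" means same host and path, with each
    scheme's default port treated as equivalent. Query and fragment
    are ignored.
    """
    parts = urlsplit(id_url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an http(s) identity URL: %r" % id_url)
    if parts.username or parts.password:
        raise ValueError("userinfo not allowed in identity URL")
    host = parts.hostname.lower()
    port = parts.port
    if port is not None and port != DEFAULT_PORTS[scheme]:
        host = "%s:%d" % (host, port)  # non-default port stays part of the key
    return scheme, host + (parts.path or "/")


def rp_accept(id_url, accepted_schemes):
    """Apply the RP's scheme policy, then return the scheme-independent key."""
    scheme, key = identity_key(id_url)
    if scheme not in accepted_schemes:
        raise SchemeNotAccepted("%s identity URLs are not accepted here" % scheme)
    return key


SENSITIVE_RP = frozenset({"https"})      # hypothetical RP doing sensitive things
FORUM_RP = frozenset({"http", "https"})  # hypothetical phpBB-style forum

if __name__ == "__main__":
    for url in ("http://id.example/dag", "https://id.example/dag"):  # constructed
        for name, policy in (("forum", FORUM_RP), ("sensitive", SENSITIVE_RP)):
            try:
                print(name, url, "->", rp_accept(url, policy))
            except SchemeNotAccepted as exc:
                print(name, url, "-> rejected:", exc)
```

Because both forms produce the same key, the assurance behind a login depends on which schemes the RP accepts, not on the identity itself.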

