that ess in 'https'
drecordon at verisign.com
Tue Jun 27 23:29:30 UTC 2006
I'd imagine LiveJournal would never be a compliant IdP then :-\ We can't raise the bar too high for either an IdP or RP. I don't mind as much for IdPs, but still want it to be fairly simple.
From: yadis-bounces at lists.danga.com on behalf of Dag Arneson
Sent: Tue 6/27/2006 4:24 PM
To: yadis at lists.danga.com
Cc: Martin Atkins
Subject: Re: that ess in 'https'
How about this scheme:
Require IDPs to support serving both http and https ID URLs, with both
required to map to the same identity. But relying parties can choose
which to support, so RPs that do sensitive things will only support
https URLs, while PhpBBs and similar applications can use the less
secure http URL.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the yadis