that ess in 'https'
Recordon, David
drecordon at verisign.com
Tue Jun 27 23:29:30 UTC 2006
I'd imagine LiveJournal would never be a compliant IdP then :-\ We can't raise the bar too high for either an IdP or RP. I don't mind as much for IdPs, but still want it to be fairly simple.
--David
________________________________
From: yadis-bounces at lists.danga.com on behalf of Dag Arneson
Sent: Tue 6/27/2006 4:24 PM
To: yadis at lists.danga.com
Cc: Martin Atkins
Subject: Re: that ess in 'https'
How about this scheme:
Require IDPs to support serving both http and https ID URLs, with both
required to map to the same identity. But relying parties can choose
which to support, so RPs that do sensitive things will only support
https URLs, while PhpBBs and similar applications can use the less
secure http URL.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.danga.com/pipermail/yadis/attachments/20060627/476d6f2c/attachment.html
More information about the yadis
mailing list