HTTPS Identities - How to run openid server properly?
Lukas Rosenstock
inbox at lukasrosenstock.net
Tue Sep 5 22:15:51 UTC 2006
Am 04.09.2006, 20:13 Uhr, schrieb Carl Howells <chowells at janrain.com>:
> That's not true at all. If the identity URL isn't https, the relying
> party can't verify that it's actually connected to to the correct
> identity page to get identity information. Without being certain of the
> identity information, you can't be certain of the rest, either.
Okay, I didn't think about that.
Now I understand the importance of this discussion.
More information about the yadis
mailing list