HTTPS Identities - How to run openid server properly?

Lukas Rosenstock inbox at lukasrosenstock.net
Tue Sep 5 22:15:51 UTC 2006


Am 04.09.2006, 20:13 Uhr, schrieb Carl Howells <chowells at janrain.com>:

> That's not true at all.  If the identity URL isn't https, the relying  
> party can't verify that it's actually connected to to the correct  
> identity page to get identity information.  Without being certain of the  
> identity information, you can't be certain of the rest, either.

Okay, I didn't think about that.
Now I understand the importance of this discussion.


More information about the yadis mailing list