Hi All,I am a reaerch assistant and working on the field of trusted computing and privacy protection and currently evaluate benefits of OpenID and TC-Infrastructures.
One thing that is unclear for me from the spec, is about the association secret / session.
1) Is an individual session dedicated to an Identifier/OP Combo, or is a secret/session used for different Identifiers which are served by the same OP?
2) Is support of "No-Encryption over TLS" mandatory for each RP? TIA Oliver -- Protect your environment - close windows and adopt a penguin! PGP-Key: 3B2C 8095 A7DF 8BB5 2CFF 8168 CAB7 B0DD 3985 1721
signature.asc
Description: OpenPGP digital signature
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs