Ideas

We want your OpenID Ideas! Think you’ve come up with a way to improve OpenID? Recognize a good idea when you see one? We want to hear from you!

My idea is ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Encourage OpenID supported websites to have SSL option

    Alot of websites that support OpenID do not use SSL (https://), instead they only have the unsecured http://. My idea is, work with the existing and also new OpenID supported websites and encourage them to setup an https:// version of their website. For example, facebook's url could be https://www.facebook.com. The websites don't have to use https as their default url because SSL is a bit slower. But by having an SSL option it will mean OpenID users will have their info encrypted and it lowers the security risks with OpenID.

    310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Forgot password?
    Create a password
    Signed in as (Sign out)
    Close
    Close
    You have left! (?) (thinking…)
    96 comments  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  AdminChris Messina (Admin, OpenID) responded

    That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.

    There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.

  • Don't see your idea?

Ideas

Feedback and Knowledge Base

(thinking…)