Ideas

We want your OpenID Ideas! Think you’ve come up with a way to improve OpenID? Recognize a good idea when you see one? We want to hear from you!

  1. Encourage OpenID supported websites to have SSL option

    Alot of websites that support OpenID do not use SSL (https://), instead they only have the unsecured http://. My idea is, work with the existing and also new OpenID supported websites and encourage them to setup an https:// version of their website. For example, facebook's url could be https://www.facebook.com. The websites don't have to use https as their default url because SSL is a bit slower. But by having an SSL option it will mean OpenID users will have their info encrypted and it lowers the security risks with OpenID.

    310 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    96 comments  ·  Flag idea as inappropriate…  ·  Admin →

    That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.

    There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.

  • Don't see your idea?

Ideas

Feedback and Knowledge Base