0 votesMichael Johas Teener shared this idea ·
That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.
There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.
19 votesAdminChris Messina (Admin, OpenID) responded
Yep, this is possible with OpenID, and folks like Yubikey are already doing this.