On Mon, 2008-03-10 at 11:27 +0100, Oliver Welter wrote: > 1) Is an individual session dedicated to an Identifier/OP Combo, or is a > secret/session used for different Identifiers which are served by the > same OP?
Associations are for a pair of (RP, OP), usable for any communication between them regardless of identifier. > 2) Is support of "No-Encryption over TLS" mandatory for each RP? An RP that does not work when asked to communicate with an HTTPS endpoint does not have a fully compliant installation of the protocol. However, there do exist a number of these installations in the wild. _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs