On 9-Nov-06, at 7:45 AM, Rowan Kerr wrote:
> On Wed, 2006-11-08 at 00:42 -0800, Dick Hardt wrote:
>>> -----Original Message-----
>>> From: Recordon, David
>>>
>>> But the security warnings will still exist:
>>> - RP redirects me to http on IdP
>>> - IdP redirects me to https on IdP for login page (warning)
>>
>> no warning on GET redirects
>
> If GET is going to be an acceptable method for responses, the spec
> should be updated. Section 5.2.1. HTTP Redirect states:
>
>     This method is deprecated as of OpenID Authentication version
>     2.0 though is still required for implementation to aide in
>     backwards compatibility.

To clarify, the GET redirect that I am referring to is one to the same host. We moved to a POST between RP and OP so that we could move more data.

-- Dick