SSL comes to claimID
August 31st, 2007 - Terrell RussellOur users have asked for this for a while - and we’re glad to finally see it out of development.
We’re happy to announce that we’ve got SSL enabled now at claimID.com. You should be able to login to your existing account at https://claimID.com. Those of you reading who don’t already have an account can register with the knowledge that there’s nobody in the middle watching your password. Additionally, the change_password page is encrypted as well.
We’ve chosen to only enable a few points of the site - where your password is used. The rest of the site (and your OpenID URLs, most importantly) have not changed. This is important because your OpenID is your login to other sites - and a change from http to https would effectively change who you are at those other sites. But fear not - you’re still you.
Thanks to everyone who asked for this. It’s been a long time coming.
September 3rd, 2007 at 1:43 am
[...] a related note there was this announcement about ClaimID.com now supporting HTTPS. I would have assumed that it already [...]
November 23rd, 2007 at 6:53 pm
It strikes me as a design flaw of OpenID to differentiate between https and http blindly.
In fact, I am amazed that it does not REQUIRE https at all times. But I guess that is a problem that a lot of people have with OpenID.
November 24th, 2007 at 3:10 am
Marcus,
That was heavily discussed through the design phase of OpenID - and is left as an implementation detail to the providers for many reasons. As the ecosystem around OpenID continues to mature, the service providers will be expected to uphold a level of service (probably including SSL/https).