Kevin Fenzi <kevin@xxxxxxxxx> writes: > On Thu, Feb 03, 2022 at 07:16:01AM -0800, Jan Staněk wrote: > > Hi list, > > > > tl;dr: Why is the Fedora ID server using HTTP communication by default? > > Fedora openid is using http because long ago when we started offering > openid users were 'http://username.id.fedoraproject.org' and thus were > tied to this identity. If we changed it, everyone using that openid > would be a new different person to whoever they were authenticating. That makes sense – thanks for the explanation! > Some things to note: > > * openid is old, most places have dropped it. > ... > > really these days you want to move to OIDC or the like. Probably, but this is not a new app, and given it's projected lifespan, I do not consider it worthwhile to redo the authentication method. Thanks for the insight! -- Jan Staněk Software Engineer, Red Hat jstanek@xxxxxxxxxx irc: jstanek
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
