|Open||None||T66475 Make crosswiki bits and pieces truly global (tracking)|
|Open||None||T15631 Wikimedia should become an OpenID provider|
|Open||None||T31254 [SUGGESTION] Expose group memberships for query through OpenID teams extension|
|Declined||Wikinaut||T25735 Allow different user grouping for OpenID users|
|Declined||None||T61631 Enable Facebook login on Wikimedia wikis|
|Open||None||T11604 Get OpenID extension to a state where it could be used on Wikimedia projects as a provider|
|Invalid||Wikinaut||T59478 MediaWiki as OpenID server: make $wgOpenIDTrustRoot protocol-independent|
The question is, whether making it protocol-independent is really safe.
We are talking about the server-side implementation (MediaWiki as OpenID Server).
When the MediaWiki can be accessed via http: _and_ https: in the same way, then the consumer should trust one of them - not both, because the server could deliver different services, depending whether it is accessed via http or https.
So I changed my mind and think, that the $wgOpenIDTrustRoot value should _always_ reflect the actual way, a consumer has authenticated.
Closing as INVALID.