[OpenID] Relationship of OpenID URLs and e-mail addresses
Martin Atkins
mart at degeneration.co.uk
Wed Apr 4 18:04:24 UTC 2007
Hamish Allan wrote:
> On 4/4/07, Brendan O'Connor <openid at ussjoin.com> wrote:
>
>> It seems to me like this would be a way both to have email contact with
>> people whom you know only by OpenID
>
> Exactly. I want to people to be able to contact me through my
> identity; and importantly, I want them to have to use their identity.
> If spammers want to send email this way, they will have to find a
> provider to vouch for them, and such providers can be blacklisted.
>
I wrote a little about this in my blog the other day:
<http://www.apparently.me.uk/7496.html>
It's not really clear how direct person-to-person messaging would work,
though. My draft protocol only allows for person-to-person-via-website
and website-to-person. This — how to do OpenID Authentication outside of
the context of webapps — is a problem that keeps coming up and one for
which we still don't have a satisfactory solution.
My gut feeling right now is that the solution lies in some protocol for
directly fetching a signature from the IdP without the redirect dance.
That way the HTTP authentication bindings I've partially speced, or some
SASL bindings in a similar vein, could be used from desktop apps for
authentication.
More information about the general
mailing list