[OpenID] Relationship of OpenID URLs and e-mail addresses

Martin Atkins mart at degeneration.co.uk
Wed Apr 4 18:04:24 UTC 2007


Hamish Allan wrote:
> On 4/4/07, Brendan O'Connor <openid at ussjoin.com> wrote:
> 
>> It seems to me like this would be a way both to have email contact with
>> people whom you know only by OpenID
> 
> Exactly. I want to people to be able to contact me through my
> identity; and importantly, I want them to have to use their identity.
> If spammers want to send email this way, they will have to find a
> provider to vouch for them, and such providers can be blacklisted.
> 

I wrote a little about this in my blog the other day:

     <http://www.apparently.me.uk/7496.html>

It's not really clear how direct person-to-person messaging would work, 
though. My draft protocol only allows for person-to-person-via-website 
and website-to-person. This — how to do OpenID Authentication outside of 
the context of webapps — is a problem that keeps coming up and one for 
which we still don't have a satisfactory solution.

My gut feeling right now is that the solution lies in some protocol for 
directly fetching a signature from the IdP without the redirect dance. 
That way the HTTP authentication bindings I've partially speced, or some 
SASL bindings in a similar vein, could be used from desktop apps for 
authentication.





More information about the general mailing list