[OpenID] FW: PROPOSAL: An Extension to transform an EMail Address to an OpenId URL
sappenin at gmail.com
Mon Feb 12 03:23:57 UTC 2007
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Claus Färber
> David Fuelling wrote:
>> Proof of email address ownership is another interesting "fallout" of my
>> Email mapping proposal. For example, we know that example.com controls
>> the email address "beth at example.com" since the domains are the same. If
>> that email address easily resolves to a URL in the example.com domain
>> (e.g., http://beth.example.com) via Yadis and some transform procedure,
>> then this in itself is enough to prove that the person who controls that
>> OpenId URL http://beth.example.com also controls the email address
>> beth at example.com (or else, somebody mis-configured something at
>> example.com). ;)
> No, it's proof that a person who controls beth at example.com authorised
> persons in control of http://beth.example.com. It is NOT proof that
> persons who control http://beth.example.com have any control over the
> address beth at example.com.
I'm not sure I follow you here. Whichever administrator controls the
example.com domain should be in control of the URLs and the email addresses
that sit in the example.com domain.
> E.g. http://beth.example.com <=> abeth at example.com (Alice Beth)
> http://eth.example.com <=> beth at example.com (Bob Eth)
> If the owner of example.com lets the users define the mapping for their
> email address, Bob could not only claim http://bob-eth.otherisp.example
> but also Alice's http://beth.example.com URL.
Yes, but that's not what I was envisioning. For this to work, the domain
owner (whoever controls example.com) would need to specify a mapping in a
Yadis/XRDS document accessible at the root of example.com. Users would
either have the choice of using that mapping, or advertising a delegation.
For example beth at example.com resolves to http://example.com for discovery
(via my mapping extension), which results in an XRDS doc that contains an
Email Transform Template:
RPs see this and know how to get the OpenId URL that maps to
beth at example.com (i.e., http://beth.example.com).
The rest is handled by OpenId Auth 2.0 today. For example, the RP then
performs discovery on http://beth.example.com to see if that URL is
delegating to a different domain or if that URL uses some link at
example.com as an IdP. For example, the discovered Yadis/XRDS doc
accessible at http://beth.example.com might contain the following, which
would delegate to sappenin.com:
There is now a direct link that proves whoever utilizes/controls
http://beth.sappenin.com is the one who owns/controls beth at example.com.
More information about the general
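The mapping step described in this message, as an added example in Python that is not code from the thread or from the proposal itself: an RP resolves the email address through a transform template published in the XRDS at the root of the email's domain, and refuses any result whose host the domain owner does not control. The `{user}` placeholder syntax, the service Type URI and the sample XRDS document are all assumptions constructed for this example.

```python
# Added example (not from the thread): resolve an e-mail address to an OpenID URL via a
# transform template in the XRDS at the root of the e-mail's domain. The "{user}"
# placeholder and the service Type URI are assumptions, not the proposal's real format.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

XRD_NS = "xri://$xrd*($v*2.0)"
EMAIL_TRANSFORM_TYPE = "http://example.invalid/email-transform/1.0"  # assumed placeholder

# Constructed sample of what example.com's root XRDS might publish.
EXAMPLE_COM_XRDS = """<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service>
      <Type>http://example.invalid/email-transform/1.0</Type>
      <URI>http://{user}.example.com</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""

def transform_template(xrds_xml, service_type=EMAIL_TRANSFORM_TYPE):
    """Return the URI template of the first Service of service_type, else None."""
    root = ET.fromstring(xrds_xml)
    for svc in root.iter("{%s}Service" % XRD_NS):
        types = [t.text.strip() for t in svc.findall("{%s}Type" % XRD_NS) if t.text]
        uri = svc.find("{%s}URI" % XRD_NS)
        if service_type in types and uri is not None and uri.text:
            return uri.text.strip()
    return None

def email_to_openid_url(email, domain_xrds_xml):
    """Map local@domain to an OpenID URL, or None when no trustworthy mapping exists."""
    local, _, domain = email.rpartition("@")
    if not local or not domain:
        return None
    # domain_xrds_xml must come from the root of the e-mail's own domain, so only the
    # domain owner (who controls both its addresses and its URLs) defines the mapping.
    template = transform_template(domain_xrds_xml)
    if template is None:
        return None
    url = template.replace("{user}", local)
    host = (urlparse(url).hostname or "").lower()
    domain = domain.lower()
    # Accept only hosts the domain owner controls: the domain itself or a subdomain.
    # A template pointing elsewhere, or a local part that breaks out of the template
    # (e.g. one containing "/"), yields no mapping rather than a foreign URL.
    if host != domain and not host.endswith("." + domain):
        return None
    return url
```

Discovery on the resulting URL (including any delegation it advertises) is then left to ordinary OpenID Auth 2.0 discovery, as the message says.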