[OpenID] Wiki page: Attempting to document the "Email Addressas OpenId"debate.

Martin Atkins mart at degeneration.co.uk
Mon Feb 12 20:35:48 UTC 2007

Hallam-Baker, Phillip wrote:
>> It's entirely possible for the email address user at example.com 
>> and the JID user at example.com to be owned/controlled by 
>> different people. It is not safe to assume that the two are 
>> the same person without evidence of that. What makes a string 
>> like "user at example.com" an email address is the fact that you 
>> can address email to it. The fact that the two addressing 
>> schemes use similar syntax doesn't help you much.
> On the contrary there is a very high degree of probability that they are the same. 

I suppose I got off the point I was trying to make, which was that 
despite the syntactic similarity there is in practice very little 
carry-over of these names between services. Very few people have the 
same identifier for email, Jabber, SIP, Kerberos, because most email 
providers provide only email, most Jabber providers provide only IM, 
most SIP providers provide only SIP, and Kerberos identifiers aren't 
generally used on the public Internet.

While it's true that you can often assume that there probably won't be a 
collision where two separate people are using the same identifier, you 
can rarely make use of the fact that they are syntactically similar to 
draw comparisons. If OpenID were to use email-style identifers rather 
than HTTP URLs, people would still have to remember that their email 
address is jim at hotmail.com, their Jabber ID is jim at livejournal.com, 
their SIP address is 385364 at fwd.pulver.com and their OpenID identifier 
is jim at myopenid.com. None of these addresses are interchangable.[1]

The syntactic similarity is not useful as long as we can guarantee that 
if a user has the email address user at domain.com they can automatically 
use that as an OpenID identifer without the operator of domain.com 
having to explicitly offer that as a service, and current proposals are 
nowhere near that.

It makes little difference what punctuation characters an identifier 
uses, whether it be dots, at-signs, slashes or crazy equalses, 
parentheses and asterisks (I'm looking at you, XRI!)... the apparent 
usability win of using email-shaped identifiers for OpenID is completely 
moot as long as OpenID is a service distinct from email, as the reality 
is that there are very few multi-service providers.


[1] (with the possible exception of that livejournal.com Jabber ID, 
since LiveJournal also offers email forwarding to paid subscribers. But 
most livejournal.com users aren't paid subscribers, so you can't assume 
that all users will have email addresses of that sort.)

More information about the general mailing list