[OpenID] Wiki page: Attempting to document the "Email Addressas OpenId"debate.
mart at degeneration.co.uk
Mon Feb 12 20:35:48 UTC 2007
Hallam-Baker, Phillip wrote:
>> It's entirely possible for the email address user at example.com
>> and the JID user at example.com to be owned/controlled by
>> different people. It is not safe to assume that the two are
>> the same person without evidence of that. What makes a string
>> like "user at example.com" an email address is the fact that you
>> can address email to it. The fact that the two addressing
>> schemes use similar syntax doesn't help you much.
> On the contrary there is a very high degree of probability that they are the same.
I suppose I got off the point I was trying to make, which was that
despite the syntactic similarity there is in practice very little
carry-over of these names between services. Very few people have the
same identifier for email, Jabber, SIP, Kerberos, because most email
providers provide only email, most Jabber providers provide only IM,
most SIP providers provide only SIP, and Kerberos identifiers aren't
generally used on the public Internet.
While it's true that you can often assume that there probably won't be a
collision where two separate people are using the same identifier, you
can rarely make use of the fact that they are syntactically similar to
draw comparisons. If OpenID were to use email-style identifers rather
than HTTP URLs, people would still have to remember that their email
address is jim at hotmail.com, their Jabber ID is jim at livejournal.com,
their SIP address is 385364 at fwd.pulver.com and their OpenID identifier
is jim at myopenid.com. None of these addresses are interchangable.
The syntactic similarity is not useful as long as we can guarantee that
if a user has the email address user at domain.com they can automatically
use that as an OpenID identifer without the operator of domain.com
having to explicitly offer that as a service, and current proposals are
nowhere near that.
It makes little difference what punctuation characters an identifier
uses, whether it be dots, at-signs, slashes or crazy equalses,
parentheses and asterisks (I'm looking at you, XRI!)... the apparent
usability win of using email-shaped identifiers for OpenID is completely
moot as long as OpenID is a service distinct from email, as the reality
is that there are very few multi-service providers.
 (with the possible exception of that livejournal.com Jabber ID,
since LiveJournal also offers email forwarding to paid subscribers. But
most livejournal.com users aren't paid subscribers, so you can't assume
that all users will have email addresses of that sort.)
More information about the general