[OpenID] Proposal: SMTP service extension for Yadis discovery

Stephen Paul Weber singpolyma at gmail.com
Tue Feb 13 20:32:26 UTC 2007


On 08 Feb 2007 16:38:00 +0100, Claus Färber <claus at faerber.muc.de> wrote:
> Hallo,
> Stephen Paul Weber <singpolyma at gmail.com> schrieb/wrote:
> >> Email-based OpenIDs (or let's call them user at realm-based OpenIDs, which
> >> just resemble email adresses) could be as simple as a convention to map
> >> <user at example.com> to <http://example.com/~user>.
>
> > which would work... but is there a need, since
> > http://user@example.com/ is a legal URL?
>
> It does not work as intended. In http://user@example.com/, "user" is an
> identity suggested to access http://example.com/. A RP could not
> retrieve different information depending on the "user" part wihtout
> knowing the password for each user (which it is supposed not to know).

How so?  The user part is transferred in the HTAUTH headers which the
script can easily read...


More information about the general mailing list