Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle"http://user at example.com" Style Identifiers)
Dick Hardt
dick at sxip.com
Sun Nov 12 22:41:41 UTC 2006
On 10-Nov-06, at 10:05 AM, David Fuelling wrote:
>> -----Original Message-----
>> From: Dick Hardt [mailto:dick at sxip.com]
>> Sent: Friday, November 10, 2006 11:28 AM
>> To: David Fuelling
>> Cc: specs at openid.net; general at openid.net
>> Subject: Re: Map/Normalize Email Address to IdP/OP URL (Was
>> [PROPOSAL]
>> Handle"http://user@example.com" Style Identifiers)
>>
>> I strongly have the view that dad at example.com is a really bad idea.
>>
>> Your dad is not providing his password to the RP, and should not be
>> prompted for his username there.
>>
>> He should be prompted for the site he wants to get sent to where he
>> can then enter his credentials.
>>
>> This model is something your dad is likely even more familiar with,
>> typing in hostname into the address bar. Typing in the site where he
>> logs in is what he does at the OpenID prompt.
>>
>> btw: why is this thread cross posted?
>>
>> -- Dick
>
> Dick,
>
> Valid points. I'm curious to know:
>
> 1.) Do you think 'email address normalizing to IdP URL [ignore
> userid]'
> would qualify as an OpenId extension (i.e., could it "ride on top"
> of the
> current protocol)?
>
> 2.) Would you have the same objections if this were an extension,
> but not in
> the formal spec?
I think it is far to contentious to even consider putting into OpenID
Authentication.
I'd like to hear counter points to the issues I brought up.
Technically we could do the address normalization etc., but the
issues are primarily the User Experience at the RP. Perhaps you can
show the screen shot that a user will see when they are going to
login and we can approach it from that perspective?
-- Dick
More information about the specs
mailing list