PROPOSAL: An Extension to transform an EMail Address to an OpenId URL

David Fuelling sappenin at gmail.com
Fri Feb 9 16:19:31 UTC 2007


Hey List,

Here's a proposed openid *extension* I wrote up that details how to
transform an SMTP Email Address into an OpenId URL that can be used in the
existing OpenID Auth 2.0 protocol.

BENEFITS
--------
1.) Allows Users to log in to an RP using an email address.

2.) Provides a flexible methodology for *domain owners* to tell RPs how to
deal with an email address.

3.) Allows RPs to verify that a given OpenId URL owns a given email
address, and can work even if the user performs Initiation via a URL (the
latter requires OpenId Attribute Exchange (AX) in order for the RP to
retrieve the email address).

4.) Assures privacy for users who choose not to use an email address as a
User-Supplied Input at the RP -- The transform protocol is one-way (meaning
an RP needs an email address first to discover a corresponding OpenId URL).
Using a Claimed Identifier to discover an email address is not guaranteed to
work, and most likely will not work.

I know there are some in the community who consider "letting the user use an
email address to log in to an RP" a bad idea -- however, I don't think this
debate was ever fully resolved. At any rate, this is why I am proposing
this as an extension. If an OP/RP doesn't want to use this, they don't have
to.

I appreciate any and all feedback!

Thanks!

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-email-transform-extension-1_0.xml
Type: text/xml
Size: 42823 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20070209/e73fbeb8/attachment-0002.bin>