Using email address as OpenID identifier

Eran Hammer-Lahav eran at hueniverse.com
Wed Apr 2 02:42:52 UTC 2008


The beauty of the current OpenID spec is that anyone can implement it and go live. However, with email identifiers you need email providers to support it. If Google, Yahoo, AOL, or Microsoft announced they are adding such a feature, I am sure the others are likely to follow. Get 2 of these 4 and you've got something going. But the biggest issue is not picking a standard but finding a company willing to put something out there.

As for the technical solutions, there are many from DNS to XRDS to a simple template agreed by all. Brad Fitzpatrick argued at FooCamp that this is not an OpenID issue, but a non-HTTP URI --> HTTP URI conversation. Basically if you had a generic way of moving from mailto:user at example.com to http://example.com/url/user (or any other URI with HTTP, the domain, and the user), any URI can be used for OpenID.

But in the end this is about someone at a major email provider saying they are interested and putting out something people can use. After that I expect the snowball to roll. So, do you know anyone? :)

EHL

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf Of Paul E. Jones
Sent: Tuesday, April 01, 2008 10:31 PM
To: specs at openid.net
Subject: Using email address as OpenID identifier

Folks,

I've seen discussion here and there on the use of the e-mail address as the OpenID identifier.  Perhaps this one says it best:
http://www.majordojo.com/2007/02/what-openid-needs.php

I share many of the same opinions.  If OpenID is going to be practically usable by the average person, we cannot require the person to remember some very complex identifier.  When I signed up for Yahoo's OpenID service, it presented me with a hideously ugly URL that looked similar to a base64-encoded string.  I could not begin to tell you what it was.  Fortunately, Yahoo allowed me to define my own, friendlier name.  Still, the ID is not one that the average user will remember or get right.

While the e-mail address does not have to be one's ID, it can certainly serve as an alias.  Suppose, for example, that the DNS records at Yahoo contained the following entry:

  yahoo.com. IN NAPTR 100 10 "U" "OpenID2" "!^(.+)@(.*)$!https://me.yahoo.com/\1!i" .

This would allow a Relying Party to accept an e-mail address and perform a simple transformation to get the "real" URL identifier.  Of course, this does not mean that the existing URL or XRI identifiers are invalid, nor does it mean that the "email address" has to be a real e-mail address.  But, this form would certainly be far simpler for most people to use.

If something like this has been discussed and rejected, what was the reason?

Thanks,
Paul
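
An added example, not part of either message: a sketch of how a Relying Party could apply the NAPTR rewrite proposed above to a user-supplied address without letting the local part reshape the URL. The function names and the same-domain host policy are assumptions of this example, the regexp field is taken in the DDDS substitution-expression form (RFC 3402) with its leading delimiter, and Python's `re` stands in for POSIX ERE.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed sample: the regexp field from the record proposed above, in
# substitution-expression form (leading delimiter included).
SAMPLE_REGEXP = r"!^(.+)@(.*)$!https://me.yahoo.com/\1!i"


def parse_naptr_regexp(field):
    """Split 'delim ERE delim replacement delim flags' into its three parts."""
    delim = field[:1]
    if not delim or delim in "123456789i":
        raise ValueError("invalid delimiter")
    parts = field[1:].split(delim)  # escaped delimiters are not handled here
    if len(parts) != 3 or parts[2] not in ("", "i"):
        raise ValueError("malformed regexp field")
    return parts[0], parts[1], parts[2]


def email_to_identifier(email, regexp_field):
    """Return the candidate OpenID URL for an address, or raise ValueError."""
    local, sep, domain = email.rpartition("@")
    if not (sep and local and domain):
        raise ValueError("not an address")
    ere, repl, flags = parse_naptr_regexp(regexp_field)
    match = re.search(ere, email, re.IGNORECASE if flags == "i" else 0)
    if match is None:
        raise ValueError("address does not match the record")

    def encoded_group(ref):
        # Percent-encode captured text so it stays one URL component and
        # cannot add path segments, a query string or a fragment.
        try:
            return quote(match.group(int(ref.group(1))) or "", safe="")
        except IndexError:
            raise ValueError("backreference to a missing group")

    url = re.sub(r"\\([1-9])", encoded_group, repl)
    parts = urlsplit(url)
    host = parts.hostname or ""
    domain = domain.lower()
    # Example policy (an assumption): HTTPS only, and the target host must be
    # the address's own domain or a subdomain of it.
    if parts.scheme != "https" or not (host == domain or host.endswith("." + domain)):
        raise ValueError("rewritten URL is outside policy")
    return url
```

The returned URL is only a candidate identifier; normal OpenID discovery and verification against it still apply.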
