Using email address as OpenID identifier

Paul E. Jones paulej at packetizer.com
Wed Apr 9 18:14:01 UTC 2008


James,

I don't think we need SRV records to do this.  NAPTR would suffice, as that
would allow one to transform one string into another.

But, it seems that there is an overwhelming preference for using some kind
of string of undetermined structure to identify a user which is not of an
e-mail format.  (I know there is an intent to use a URI, but most users have
no idea what a URI is and few really type them properly.)

So, while I still think the form user at provider is better for the user
world-wide community, I understand the counter-arguments.  And, perhaps I'll
be proven wrong-- which is OK.

Paul

> -----Original Message-----
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
> Behalf Of McGovern, James F (HTSC, IT)
> Sent: Monday, April 07, 2008 3:21 PM
> To: specs at openid.net
> Subject: Using email address as OpenID identifier
> 
> This would require defining an OpenID SRV record in DNS. Would make
> sense for someone to get this formally defined as part of IETF. Could
> kinda be done in the same way that Boeing is moving forward definition
> of XRI in LDAP..
> 
> -----Original Message-----
> 
> Message: 1
> Date: Mon, 07 Apr 2008 18:56:57 +0100
> From: Martin Atkins <mart at degeneration.co.uk>
> Subject: Re: Using email address as OpenID identifier
> To: specs at openid.net
> Message-ID: <47FA6069.1040800 at degeneration.co.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> Paul E. Jones wrote:
> >
> > Perhaps it is important to say, though, that I do not think it
> > requires the e-mail providers to get on board with this (in my view)
> > simpler notation.  I could use an ID like paulej at myopenid.com and
> that
> 
> > should work, if myopenid.com would publish the appropriate NAPTR
> > record.  I could also insert NAPTR records into the packetizer.com
> DNS
> 
> > server that would allow me to use my email address, but point at my
> > preferred OpenID provider.  In short, just because the user at domain
> > syntax is used does not mean that it necessarily an e-mail address:
> it
> 
> > could be, but more importantly, it just follows that familiar format
> documented in RFC 822.
> >
> 
> Funnily enough, I've always percieved the fact that syntactically-valid
> but non-existant email addresses are being used as identifiers as a
> problem rather than a benefit:
> 
>   * It creates confusion for users when something looks like an email
> address but it doesn't behave as one. I've seen this sort of confusion
> with Jabber servers, where users get confused that their Jabber ID and
> email address are not the same, especially when Jabber clients say "For
> example, user at example.com" under the Jabber ID field.
> 
>   * If not all email-shaped OpenID identifiers are actually working
> mailboxes, it's likely to lead to a distressing user experience where
> the user is first asked to enter their OpenID identifier -- that is,
> their email address -- and then they're asked to enter and verify their
> email address. At this point, I expect users to at best say "Stupid
> computer! Remember what I've told you!" and at worst get confused and
> think that the OpenID identifier they entered was not correct.
> 
>   * As has often been raised in both the OpenID-with-email and in the
> Jabber circles, many people are reluctant to give up their email
> addresses to the public eye for fear of spam. Note that Yahoo.com will,
> by default, use a big opaque string as an identifier rather than the
> user's Yahoo! account name for this very reason.
> 
> 
> 
> 
> ***********************************************************************
> **
> This communication, including attachments, is
> for the exclusive use of addressee and may contain proprietary,
> confidential and/or privileged information.  If you are not the
> intended
> recipient, any use, copying, disclosure, dissemination or distribution
> is
> strictly prohibited.  If you are not the intended recipient, please
> notify
> the sender immediately by return e-mail, delete this communication and
> destroy all copies.
> ***********************************************************************
> **
> 
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
> 





More information about the specs mailing list