Using email address as OpenID identifier

Peter Davis peter.davis at neustar.biz
Fri Apr 11 12:38:53 UTC 2008


this discussion, of course, has happened before:

http://openid.net/pipermail/specs/2008-January/002104.html

And Paul is correct, IMHO... NAPTR is a better and more flexible way
to address this.  The original proposal had regex expressions in TXT
RRs, which, while not improper, does not have a resolver code base
to draw from, and some well-laid groundwork for regex processing
libraries for resolvers to use.

on the other hand, I've never wanted to use my email address as my
OpenID, and you'd have to write a new profile which allowed the OP/RP
to understand I can prove ownership of the identifier.

=peterd

On Apr 9, 2008, at 2:14 PM, Paul E. Jones wrote:
> James,
>
> I don't think we need SRV records to do this.  NAPTR would suffice, as that
> would allow one to transform one string into another.
>
> But, it seems that there is an overwhelming preference for using some kind
> of string of undetermined structure to identify a user which is not of an
> e-mail format.  (I know there is an intent to use a URI, but most users have
> no idea what a URI is and few really type them properly.)
>
> So, while I still think the form user at provider is better for the user
> world-wide community, I understand the counter-arguments.  And, perhaps I'll
> be proven wrong-- which is OK.
>
> Paul
>
>> -----Original Message-----
>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>> Behalf Of McGovern, James F (HTSC, IT)
>> Sent: Monday, April 07, 2008 3:21 PM
>> To: specs at openid.net
>> Subject: Using email address as OpenID identifier
>>
>> This would require defining an OpenID SRV record in DNS. Would make
>> sense for someone to get this formally defined as part of IETF. Could
>> kinda be done in the same way that Boeing is moving forward definition
>> of XRI in LDAP..
>>
>> -----Original Message-----
>>
>> Message: 1
>> Date: Mon, 07 Apr 2008 18:56:57 +0100
>> From: Martin Atkins <mart at degeneration.co.uk>
>> Subject: Re: Using email address as OpenID identifier
>> To: specs at openid.net
>> Message-ID: <47FA6069.1040800 at degeneration.co.uk>
>> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>>
>> Paul E. Jones wrote:
>>>
>>> Perhaps it is important to say, though, that I do not think it
>>> requires the e-mail providers to get on board with this (in my view)
>>> simpler notation.  I could use an ID like paulej at myopenid.com and that
>>> should work, if myopenid.com would publish the appropriate NAPTR
>>> record.  I could also insert NAPTR records into the packetizer.com DNS
>>> server that would allow me to use my email address, but point at my
>>> preferred OpenID provider.  In short, just because the user at domain
>>> syntax is used does not mean that it is necessarily an e-mail address: it
>>> could be, but more importantly, it just follows that familiar format
>>> documented in RFC 822.
>>>
>>
>> Funnily enough, I've always perceived the fact that syntactically-valid
>> but non-existent email addresses are being used as identifiers as a
>> problem rather than a benefit:
>>
>>   * It creates confusion for users when something looks like an email
>> address but it doesn't behave as one. I've seen this sort of confusion
>> with Jabber servers, where users get confused that their Jabber ID and
>> email address are not the same, especially when Jabber clients say "For
>> example, user at example.com" under the Jabber ID field.
>>
>>   * If not all email-shaped OpenID identifiers are actually working
>> mailboxes, it's likely to lead to a distressing user experience where
>> the user is first asked to enter their OpenID identifier -- that is,
>> their email address -- and then they're asked to enter and verify their
>> email address. At this point, I expect users to at best say "Stupid
>> computer! Remember what I've told you!" and at worst get confused and
>> think that the OpenID identifier they entered was not correct.
>>
>>   * As has often been raised in both the OpenID-with-email and in the
>> Jabber circles, many people are reluctant to give up their email
>> addresses to the public eye for fear of spam. Note that Yahoo.com will,
>> by default, use a big opaque string as an identifier rather than the
>> user's Yahoo! account name for this very reason.
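The NAPTR-style string transformation discussed in this thread, as an added example that is not part of the original messages: it applies the regexp field of a NAPTR record (an RFC 3402 substitution expression) to a user@domain identifier and accepts the result only if it is an https URL. The record, the example.com and op.example.net names and the function names are constructed for illustration; the thread defines no OpenID NAPTR profile.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed sample: the regexp field of a NAPTR record for example.com.
FIELD = r"!^(.*)@example\.com$!https://op.example.net/\1!i"

def parse_subst(field):
    """Split an RFC 3402 substitution expression: delim ERE delim repl delim flags."""
    delim = field[:1]
    if not delim or delim in "123456789i\\":
        raise ValueError("illegal delimiter")
    parts = re.split(r"(?<!\\)" + re.escape(delim), field[1:])  # unescaped delimiters only
    if len(parts) != 3 or parts[2] not in ("", "i"):
        raise ValueError("malformed substitution expression")
    return parts

def apply_subst(identifier, field):
    """Return the rewritten string, or None when the record does not apply."""
    ere, repl, flags = parse_subst(field)
    # Python's re stands in for POSIX ERE here. A whole-string match is required so
    # the result never depends on how unmatched text would be carried over.
    match = re.fullmatch(ere, identifier, re.IGNORECASE if flags else 0)
    if match is None:
        return None
    # Assumption of this example: captured text is percent-encoded, so a crafted
    # local part cannot add path, query or host components to the URL.
    return re.sub(r"\\([1-9])",
                  lambda m: quote(match.group(int(m.group(1))) or "", safe=""), repl)

def resolve_openid(identifier, field):
    """Hypothetical RP-side step: rewrite user@domain and accept only an https URL."""
    local, sep, domain = identifier.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not a user@domain identifier")
    url = apply_subst(identifier, field)
    if url is None:
        return None
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname or parts.username is not None:
        raise ValueError("rewritten identifier is not an acceptable https URL")
    return url

if __name__ == "__main__":
    print(resolve_openid("paulej@example.com", FIELD))
```

The rewrite only shows where the domain's DNS points; it does not show that the person typing the identifier controls it, which is the separate profile question raised at the top of the thread.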