OpenID Extension to handle Emails Addresses?

David Fuelling sappenin at gmail.com
Thu Oct 30 15:42:34 UTC 2008


Wondering if it makes sense to talk about an OpenID Extension to handle
email address, as opposed to changing the core spec?

My thinking here is that EAUT could be used to solve much of this problem,
but that an OpenID extension is required to add extra value.  So, here's how
I would see such an extension working.

   1. User presents an email-address at an RP.
   2. EAUT is used to transform the email address into a URL.
   3. If EAUT succeeds, then use that URL as an OpenID (possibly doing
   Directed Identity, possibly not).
   4. If EAUT fails, then fail.

That's where EAUT ends.  However, in the OpenID world, I could see striking
#4, and adding one or more of the following:

   1. If EAUT fails, then attempt directed identity on the
http://domain.tldof the email address.
   2. If that fails, look in the DNS for more hints per Martin's
   proposals[1]

I would even entertain the notion of the OpenID extension doing DNS lookup
first, then EAUT, though I need to think more on the topic.  Alternatively,
maybe we make DNS optional.

Is this line of thinking (discussing an OpenID Extension to handle email
addresses) premature?

David

[1] http://www.apparently.me.uk/18285.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20081030/5e821e14/attachment-0002.htm>


More information about the specs mailing list