[OpenID] OpenID Extension to handle Emails Addresses?

Martin Atkins mart at degeneration.co.uk
Thu Oct 30 16:01:34 UTC 2008

David Fuelling wrote:
> I would even entertain the notion of the OpenID extension doing DNS 
> lookup first, then EAUT, though I need to think more on the topic.  
> Alternatively, maybe we make DNS optional.

At this point I'll throw in my more recent post about why DNS must be 
supported and must be the primary mode, with others as fallback:


However, I wouldn't necessarily object to putting the *EAUT* information
in the DNS rather than the OpenID information directly. The two things
I care most about at this point are:

  * DNS must be consulted first, for the reasons I go into in that post.
  * In the case where an email address is the claimed_identifier, the
    OpenID request must have openid.identity set to mailto:theemailaddress,
    not the mapped HTTP identifier. (In other words, this is an extension to
    OpenID *Discovery*; the rest of the protocol is unchanged.)

The finer points of how we get there don't bother me that much. Being 
able to optionally redirect email addresses to URLs just as we can 
currently redirect URLs to other URLs would be good and consistent with 
the OpenID model that exists today. Preserving the ability to do 
delegation would be good so that I can use email addresses in my vanity 
domain without running my own OP.

