[OpenID] OpenID Extension to handle Emails Addresses?
mart at degeneration.co.uk
Thu Oct 30 16:01:34 UTC 2008
David Fuelling wrote:
> I would even entertain the notion of the OpenID extension doing DNS
> lookup first, then EAUT, though I need to think more on the topic.
> Alternatively, maybe we make DNS optional.
At this point I'll throw in my more recent post about why DNS must be
supported and must be the primary mode, with others as fallback:
However, I wouldn't necessarily object to putting the *EAUT* information
in the DNS rather than the OpenID information directly. The two things
I care most about at this point are:
* DNS must be consulted first, for the reasons I go into in that post.
* In the case where an email address is the claimed_identifier, the
OpenID request must have openid.identity set to mailto:theemailaddress,
not the mapped HTTP identifer. (In other words, this is an extension to
OpenID *Discovery*; the rest of the protocol is unchanged.)
The finer points of how we get there don't bother me that much. Being
able to optionally redirect email addresses to URLs just as we can
currently redirect URLs to other URLs would be good and consistent with
the OpenID model that exists today. Preserving the ability to do
delegation would be good so that I can use email addresses in my vanity
domain without running my own OP.
More information about the specs