Email Address to URL Transformation
Paul E. Jones
paulej at packetizer.com
Fri Jan 29 02:48:56 UTC 2010
Shade,
> >If we assume web finger will be used to advertise the user's OpenID
> >provider, it would appear in the XRD document. So, a Relaying Party
> might
> >query google.com and get an XRD document for me that points to
> yahoo.com for
>
> Which is all well and fine if you trust google.com; standard
> complications, such as trust issues and MultiAuth and the
> nonfeasibility of having users remember their cosignature
> fingerprints, apply.
I would not need to trust Google, per se. If I'm trying to log into
Slashdot, for example, and provide my gmail address and I do not get
directed to my Yahoo login page, then I know something is wrong. Google
would not be acting as a security proxy of any sort. They would merely tell
Slashdot where my OP login page is.
> >I'm still not clear on what you are suggesting. That's not to mean
> you
> >don't have an interesting idea, but I do not understand the proposal
> and how
> >it would be better than using data inside XRD documents.
>
> I'm not addressing that part, though I'm agnostic about whether the
> query returns an XRD document or a GET string. I'm thinking more
> along the lines of joint ownership as multiple sponsors; i.e., a
> blogger accepts offers from Google *and* Yahoo (not to declare
> exclusive loyalty to either interest) for, if not advertising rights,
> perhaps just the Identity group each has formed to try leveraging
> OpenID (like Microsoft recognizes experts with MVPS - and offers them
> webhosting at mvps.org), assuming they ever do start something like
> that.
>
> Or a particular website/community might be started as a joint venture
> between otherwise competing companies, but point back to some
> combination of those company's sites for OpenID instead of handling
> the hosting itself. Which is basic delegation; I think what I'm
> seeing here is more of a particular use-case to try bridging between
> the walled gardens, than any new application of the proposed
> technology.
I'm still confused. The blog or this joint venture site could accept any
OpenID identifier and would accept logins for the user associated with that
identifier. The user could provide an ID that is in the Yahoo domain, the
Google domain, or even his own domain.
Can you show me a specific example of the kind of problem you're trying to
solve? That might help me out.
Paul
More information about the specs
mailing list