WebFinger at Google
Paul E. Jones
paulej at packetizer.com
Tue Mar 23 19:39:40 UTC 2010
John,
Note that this means the user would not be logged in as bob at gmail.com, but
instead as https://www.google.com/profiles/3234234234234234. (Since step 6
doesn't know anything about steps 1-5.) I think this has obvious usability
issues.
Note that the OP cannot return acct:bob at gmail.com
<mailto:acct%3Abob at gmail.com> as the claimed_id because the claimed_id has
to be an openid, and under this proposal acct:bob at gmail.com
<mailto:acct%3Abob at gmail.com> isn't an OpenID. So the RP _might_ be able
to retain both the entered (pre-normalized) identifier and the final
claimed_id, and display the former to the user and the user's friends, but
it seems complicated and unwieldy.
I'm not really sure what to do about the fact that the real OpenID
identifier is something nearly impossible to remember. Perhaps one might
argue that "that's not the way it's supposed to be." :-) Shouldn't the
OpenID ID's - even as HTTP(S) URIs - still be somewhat memorable? That said,
does it really matter? If the user always logs in with an email ID that is
converted using Webfinger into the real OpenID ID, the process is always the
same.
I would strongly suggest not trying to hide the OpenID ID or make it hard to
remember. Why not https://openid.google.com/bob? That's likely easier to
remember. So, is your concern with the user having to potentially remember
two IDs, or the fact that one is impossible to remember? :-)
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100323/a9aa639b/attachment.htm>
More information about the specs
mailing list