On Thu, Oct 30, 2008 at 4:01 PM, Martin Atkins <span dir="ltr">&lt;<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>&gt;</span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">David Fuelling wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
I would even entertain the notion of the OpenID extension doing DNS lookup first, then EAUT, though I need to think more on the topic. Alternatively, maybe we make DNS optional.<br>
<br>
</blockquote>
<br></div>
At this point I'll throw in my more recent post about why DNS must be supported and must be the primary mode, with others as fallback:<div class="Ih2E3d"><br>
<br>
<a href="http://www.apparently.me.uk/18285.html" target="_blank">http://www.apparently.me.uk/18285.html</a><br>
<br></div>
</blockquote><div><br>Very interesting points in your blog post!! It has me wondering the following questions:<br><br><ol><li>The arguments about using DNS could apply to OpenID in general. However, OpenID doesn't do anything with DNS. Why is this? What were the compelling reasons to not use DNS with OpenID? Is there an FAQ page somewhere about that? I have only vague recollections on the topic.<br>
</li><li>Do some of the larger email providers have an opinion on the mechanism used for "Discovery" in the email case? For instance, would Google/Yahoo/etc prefer that DNS be consulted first, or that some HTTP-based discovery be consulted first? Do they even care?</li>
</ol> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">However, I wouldn't necessarily object to putting the *EAUT* information in the DNS rather than the OpenID information directly. The two things I care most about at this point are:<br>
<br>
* DNS must be consulted first, for the reasons I go into in that post.<br>
* In the case where an email address is the claimed_identifier, the OpenID request must have openid.identity set to mailto:<a href="mailto:theemailaddress" target="_blank">theemailaddress</a>, not the mapped HTTP identifier. (In other words, this is an extension to OpenID *Discovery*; the rest of the protocol is unchanged.)</blockquote>
<div><br>What if the user actually wants their URL to be the claimed identifier? Would you be open to that?<br></div></div><br><br>