[PROPOSAL] Handle "http://user at example.com" Style Identifiers
Martin Atkins
mart at degeneration.co.uk
Fri Nov 10 07:40:32 UTC 2006
David Fuelling wrote:
>> -----Original Message-----
>> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
>> Behalf Of Martin Atkins
>> Sent: Thursday, November 09, 2006 5:36 PM
>> To: general at openid.net
>> Subject: Re: [PROPOSAL] Handle "http://user@example.com" Style Identifiers
>>
>> Sometimes these things will be character-for-character identical to a
>> given email address by coincidence, but there's no way to enforce this
>> nor any guarantee that the user controlling http://blah@example.com/ is
>> the same user that controls mailto:blah at example.com.
>>
>
> Can you provide an example (real or otherwise) of such a scenario? Do you
> really envision any domain owner giving 'http://blah@example.com' to one
> person, whilst giving 'mailto:blah at example.com' to a different user?
>
In addition to the other examples given by others,
I provide email addresses to some of my friends, but I don't provide
them with corresponding OpenID identities. By an unfortunate twist of
fate, the domain I provide these addresses in is also my website, and
since my site doesn't require authentication the WWW-Authenticate header
is ignored. Consequently, http://anyusername@mydomain.com/ will end up
at *my* website, not the website of the person who uses
anyusername at mydomain.com.
More information about the general
mailing list