Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle"http://user at example.com" Style Identifiers)

[Dick Hardt]

On 10-Nov-06, at 7:20 AM, David Fuelling wrote:

>> -----Original Message-----
>> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On
>> Behalf
>> Of Jonathan Daugherty
>> # I think that all this discussion about email userid is moving us  
>> off
>> # track.  My original proposal was that the email maps/normalizes  
>> to a
>> # URL of an IdP (the userid is ignored/not used).
>> #
>> # So, 'xyzzy at any.edu' would be treated as if the User had entered
>> # 'http://any.edu' (the URL of their IdP/OP) into the OpenId login
>> # form.
>>
>> Then why not just enter 'http://any.edu' or 'any.edu' instead?
>>
>> --
>>   Jonathan Daugherty
>>   JanRain, Inc.
>
> True, there's almost no difference on the OpenId side.  On the  
> human side,
> email is more familiar to a typical user (e.g., my Dad) who may not  
> know
> to try and strip off the "dad@" part of his email to use with OpenId.
>
> Plus, why do we **not** want OpenId to work with email addresses  
> (assuming
> we maintain the principals of User Centric Identity if we use them?)


I strongly have the view that dad at example.com is a really bad idea.

Your dad is not providing his password to the RP, and should not be  
prompted for his username there.

He should be prompted for the site he wants to get sent to where he  
can then enter his credentials.

This model is something your dad is likely even more familiar with,  
typing in hostname into the address bar. Typing in the site where he  
logs in is what he does at the OpenID prompt.

btw: why is this thread cross posted?

-- Dick