[OpenID] Relationship of OpenID URLs and e-mail addresses
Johannes Ernst
jernst+openid.net at netmesh.us
Tue Apr 3 17:01:06 UTC 2007
Assume you are hosting millions of e-mail addresses for your
customers, like
<username>@example.com.
Now you decide to also become an OpenID Provider for your customers.
It would be straightforward to automatically create an OpenID for
each of your users, e.g. like
http://openid.example.com/<username>
Every spammer in the world will realize that this is how the scheme
works, and they will harvest all URLs on the net that start with
http://openid.example.com and spam the heck out of your users. Right?
However, having different <username> components for e-mail and OpenID
is more complex (e.g. how do I explain this to mass-market customers?
How many users will bother to pick a new handle for their OpenID?)
Does anybody have any ideas how to best solve this conundrum?
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-authenticated.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070403/03a6fac5/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070403/03a6fac5/attachment-0005.gif>
-------------- next part --------------
http://netmesh.info/jernst
More information about the general
mailing list