[OpenID] FW: PROPOSAL: An Extension to transform an EMail Addressto an OpenId URL
Claus Färber
GMANE at faerber.muc.de
Sun Feb 11 12:19:27 UTC 2007
David Fuelling schrieb:
> Proof of email address ownership is another interesting "fallout" of my
> Email mapping proposal. For example, we know that example.com controls the
> email address "beth at example.com" since the domains are the same. If that
> email address easily resolves to a URL in the example.com domain (e.g.,
> http://beth.example.com) via Yadis and some transform procedure, then this
> in itself is enough to prove that the person who controls that OpenId URL
> http://beth.example.com also controls the email address beth at example.com (or
> else, somebody mis-configured something at example.com). ;)
No, it's proof that a person who controls beth at example.com authorised
persons in control of http://beth.example.com. It is NOT proof that
persons who control http://beth.example.com have any control over the
address beth at example.com.
E.g. http://beth.example.com <=> abeth at example.com (Alice Beth)
http://eth.example.com <=> beth at example.com (Bob Eth)
If the owner of example.com let's the users define the mapping for their
email address, Bob could not only claim http://bob-eth.otherisp.example
but also Alice's http://beth.example.com URL.
(As a real world example, my main provider gives me cfaerber at muc.de and
[www.]muc.de/~cfaerber but also faerber.muc.de and www.faerber.muc.de.)
Claus
More information about the general
mailing list