[OpenID] Email as Identity
Paul Austin
mail-lists at revolsys.com
Sun Mar 23 23:51:27 UTC 2008
I'm new to openid and as far as I can see a user's identity is a URL to
a web site which an openid secure web site can use to authenticate a user.
What I was wondering is if any thought had been given to using an email as
the identity for a user. In this approach there would need to be a way
to link an email address to the web page to authenticate a user. What I
was thinking is you could use an extension to the DNS records such as
used by the Sender Policy Framework (SPF)
http://en.wikipedia.org/wiki/Sender_Policy_Framework. This DNS TXT entry
would have a URL to which the email address could be passed to
authenticate the user. This might look something like this:
mydomain.com. IN TXT "v=openid2 auth=http://login.mydomain.com"
Then when an openid secured web server receives an email address as an
identity it would look up the DNS (if not already cached) for the
openid TXT record and find the openID authentication url and add the
email to that and use it as the identity.
For example:
me@mydomain.com
would become
http://login.mydomain.com?email=me@mydomain.com
The advantage of this approach is that it is easy for a user to remember
their identity as it's their email and would also be simple to implement
on both sides.
This suggestion would be an extension to the current method of
identities rather than to replace it.
Any comments or suggestions?
Cheers,
Paul
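
The lookup described in the message above, as an added example that is not part of the original post or of any OpenID code: it parses the proposed "v=openid2 auth=<url>" TXT value, skips unrelated TXT records such as SPF, and builds the identity URL with the address percent-encoded. The function names, the SAMPLE_TXT dictionary standing in for a DNS query, and the rule that several matching records count as no match are assumptions.

```python
from urllib.parse import quote, urlsplit

# Constructed sample zone data standing in for a real DNS TXT lookup.
SAMPLE_TXT = {
    "mydomain.com": ['"v=spf1 mx -all"',
                     '"v=openid2 auth=http://login.mydomain.com"'],
}

def parse_openid_txt(txt):
    """Return the auth URL from a 'v=openid2 auth=<url>' TXT value, else None."""
    fields = dict(p.split("=", 1) for p in txt.strip().strip('"').split() if "=" in p)
    if fields.get("v") != "openid2":
        return None                      # SPF or any other TXT record
    parts = urlsplit(fields.get("auth", ""))
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                      # only web URLs with a host are accepted
    return fields["auth"]

def identity_url(email, txt_lookup=SAMPLE_TXT.get):
    """Map an email address to the identity URL described in the post."""
    local, sep, domain = email.rpartition("@")
    if not (local and sep and domain):
        raise ValueError("not an email address: %r" % email)
    records = txt_lookup(domain.lower()) or []
    urls = [u for u in map(parse_openid_txt, records) if u]
    if len(urls) != 1:
        return None                      # no record, or ambiguous: fail closed
    joiner = "&" if urlsplit(urls[0]).query else "?"
    # Percent-encode the address so characters such as '+', '&' or '=' in the
    # local part cannot alter the query string; '@' is legal in a query.
    return urls[0] + joiner + "email=" + quote(email, safe="@")

if __name__ == "__main__":
    for addr in ("me@mydomain.com", "me+tag@mydomain.com", "me@other.example"):
        print(addr, "->", identity_url(addr))
```

Without DNSSEC a TXT answer is unauthenticated, so a relying party using this scheme would be trusting whatever URL its resolver returned.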