[OpenID] OpenID based on email addresses... Just Works!

Steven Livingstone-Perez weblivz at hotmail.com
Sat Nov 1 10:32:02 UTC 2008 

> How does OpenID using anything as your primary identifier work if youwant
to change it?


Btw, just to update on this fwiw. There is currently a feature request in
stackoverflow.com [1] to allow changing of your OpenID provider - it is
actually the highest requested feature update (and is planned for
implementation), so seems like the users want this.

steven
http://livz.org


[1] http://stackoverflow.uservoice.com/

-----Original Message-----
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Steven Livingstone-Perez
Sent: 30 October 2008 13:14
To: 'Ben Laurie'
Cc: 'OpenID List'
Subject: Re: [OpenID] OpenID based on email addresses... Just Works!

I saw that coming Ben and it's a fair point.

When I do consultancy with various places they give me an email.

I may share that email with their systems that require an OpenID - but I'd
rather tie it to my independent OpenID. That way, if I register with a
system that continues to be valuable to me when I leave that company
(government systems being a good example) I can simply change the email but
maintain my identity.

Of course you may argue why not change the identity to the new email rather
then? I just don't like changing primary identifiers in this manner due to
side effects in other systems etc.

-----Original Message-----
From: Ben Laurie [mailto:benl at google.com] 
Sent: 30 October 2008 12:58
To: Steven Livingstone-Perez
Cc: Andrew Arnott; OpenID List
Subject: Re: [OpenID] OpenID based on email addresses... Just Works!

On Thu, Oct 30, 2008 at 12:56 PM, Steven Livingstone-Perez
<weblivz at hotmail.com> wrote:
> I also find it odd as I'd quite like to have a durable identifier, but not
> only do I have multiple emails, I tend to change emails relatively often
and
> I'm happy to share it using AX/SREG if/when I wish.
>
>
>
> Be interested in how an OpenID using my email as a primary identifier
would
> work if I wanted to change it.

How does OpenID using anything as your primary identifier work if you
want to change it?

>
>
>
> I do like an email account being used to discover an OpenID right enough,
if
> every email mapped to an openid - user at domain.com -> user.domain.com or
> domain.com/user - from what I can see it doesn't even need to be a real
> email address. so long as the mapping can be done.
>
>
>
> From what I have read you're really just talking about making it easier
for
> the user to enter an OpenID rather than changing how it works.. I mean
> surely entering weblivz at hotmail.com can easily map to an OpenID
> weblivz.hotmail.com
>
>
>
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Andrew Arnott
> Sent: 30 October 2008 12:37
> To: Ben Laurie
> Cc: david at sixapart.com; OpenID List
> Subject: Re: [OpenID] OpenID based on email addresses... Just Works!
>
>
>
> I'm surprised no one has brought this up, but remember that having people
> log into RPs using their email address is giving away a very personal bit
of
> information that I'd like to hide more than give away.  On another thread
> concern was expressed over allowing OpenID to accidentally reveal the
> preferred language of a user.  Well to me I think email address is far
more
> concerning.
>
>
>
> Of course an RP may want an email address and AX or SREG is a great way to
> get it, but that's always the user's decision while at the OP or later at
> the RP, and isn't a mandatory step to even initiate the login process.
>
> On Thu, Oct 30, 2008 at 3:00 AM, Ben Laurie <benl at google.com> wrote:
>
> On Thu, Oct 30, 2008 at 7:07 AM, Chris Messina <chris.messina at gmail.com>
> wrote:
>> On Thu, Oct 30, 2008 at 4:14 PM, David Recordon <drecordon at sixapart.com>
>> wrote:
>>> Can you use POBox.com with david at yahoo.com?  For the added complexity I
>>> just
>>> don't think it's worth it considering you already can't delegate your
>>> email.
>>>  If you control the domain then you can choose your Provider, otherwise
>>> you're at the mercy of who controls the domain.  Don't like it, then
>>> don't
>>> use your Yahoo account as your OpenID.  IMHO.
>>> --David
>>
>> I'm coming around to this perspective.
>>
>> While maximal flexibility would be ideal for "delegating email
>> addresses", I'm willing to compromise to find the simplest, easiest,
>> quickest and least costliest path to adoption.
>>
>> While the mapping concept is a worthwhile one technologically, I think
>> that trying to push all the freedoms that you get with URL-based
>> OpenIDs into email addresses could be a losing proposition.
>>
>> If we can support email addresses with maximal flexibility with
>> minimal costs, great, but from what I've seen of how changes actually
>> get made, changing the OpenID spec as little as possible is the best
>> way forward.
>>
>> It sounds like the OpenID.identity approach might be the best way to
>> make this happen, pronto, without mucking with DNS and so on.
>
> What is "the OpenID.identity approach"?
>
>> Remember, email addresses today aren't really explicitly supported by
>> the spec; the goal should be to make that a possibility with as little
>> effort as possible.
>
> It seems to me that there's a couple of things to consider:
>
> 1. Often the RP actually wants an email address, because it wants to
> be able to communicate with the user. This can be solved with AX, of
> course _but_ I suspect users will be confused by having to give an
> "email address" that isn't actually their email address.
>
> 2. It seems that its possible to do a pretty good job with just the
> domain - the email address is just a way to get the user to tell you
> what the domain is so discovery can start.
>
> Obviously discovery is a prerequisite, though.
>
>>
>> Chris
>>
>> --
>> Chris Messina
>> Citizen-Participant &
>>  Open Technology Advocate-at-Large
>> factoryjoe.com # diso-project.org
>> citizenagency.com # vidoop.com
>> This email is:   [ ] bloggable    [X] ask first   [ ] private
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

More information about the general mailing list