[OpenID] OpenID based on email addresses... Just Works!

Ben Laurie benl at google.com
Sun Nov 2 10:10:48 UTC 2008


On Sun, Nov 2, 2008 at 1:03 AM, Chris Messina <chris.messina at gmail.com> wrote:
> On Fri, Oct 31, 2008 at 3:41 AM, David Fuelling <sappenin at gmail.com> wrote:
>
>> The problem with using the mailto: schemed identifier as the
>> "claimed_identifier" is that it is not "commonly resolvable" in the same way
>> that a URL is.  It requires a "mapping scheme" (like EAUT) or some other
>> translation mechanism (DNS lookup?), which isn't built into common software
>> like the web-browser, my blackberry, my iPhone, my Tivo, the space shuttle,
>> etc.
>>
>> Firefox aside, I think it will be an uphill battle to try to get a mailto:
>> schemed identifier to be supported on all the various platforms out there.
>> We should be sticking to URLs as identifiers, which is why mapping the email
>> address to a URL seems like a better plan than using the mailto: scheme as a
>> new form of OpenID Identifier.
>
> +1
>
>> I know there are good arguments for/against -- this is a years-old
>> debate....but I think it's essentially what we're disagreeing about --
>> should the email address be the OpenID, or should it just map to an OpenID.
>
> Because OpenID is a building block technology, I think that what an RP
> should receive as the result of an OpenID transaction is a claimed
> URL, with other data (like an email address) provided via discovery
> or other mechanisms like SREG or AX (which is what Google is doing).
>
> This is also why I have strong concerns about XRI in OpenID as
> first-class citizens, since, like email, you cannot [currently]
> resolve them to anything without going through a centralized service
> (in EAUT's case, that service is emailtoid.net, designed, mind you,
> for obsolescence).

Surely a) EAUT doesn't specify what service is used and b) the use of
a centralized service is entirely optional.

BTW, on EAUT, I notice a bug in the spec - user names can contain
characters that are not legal in the DNS, so it should specify some
kind of escaping mechanism.
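
One possible shape for the escaping mechanism asked for above, as an added example that is not part of the original post or of the EAUT spec. It assumes the user name is substituted into a single host name label; the template `{username}.openid.example.com`, the `u` prefix and the `-hh` escape form are all hypothetical.

```python
import re
import string

# Host name label rule (RFC 1123): letters, digits, hyphen; 1-63 octets;
# no hyphen at either end.
_LDH = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
_KEEP = set(string.ascii_lowercase + string.digits)

def is_legal_dns_label(label):
    return _LDH.fullmatch(label) is not None

def escape_local_part(local):
    """Hypothetical escaping: 'u' prefix, [a-z0-9] kept, every other UTF-8
    byte written as '-' plus two hex digits. Upper case is escaped too,
    because DNS compares case-insensitively and local parts may not."""
    body = "".join(chr(b) if chr(b) in _KEEP else "-%02x" % b
                   for b in local.encode("utf-8"))
    label = "u" + body  # the prefix keeps the label from starting with '-'
    if len(label) > 63:
        raise ValueError("escaped user name does not fit in one DNS label")
    return label

def unescape_label(label):
    """Inverse of escape_local_part; rejects malformed or non-canonical input
    so that two different labels never map back to the same user name."""
    if not re.fullmatch(r"u(?:[a-z0-9]|-[0-9a-f]{2})*", label):
        raise ValueError("not an escaped user name")
    raw, i, body = bytearray(), 0, label[1:]
    while i < len(body):
        if body[i] == "-":
            raw.append(int(body[i + 1:i + 3], 16))
            i += 3
        else:
            raw.append(ord(body[i]))
            i += 1
    local = raw.decode("utf-8")
    if escape_local_part(local) != label:
        raise ValueError("non-canonical escaping")
    return local

def host_for(email, template="{username}.openid.example.com"):
    # Constructed template; putting the user name in a host label is an assumption.
    local = email.rsplit("@", 1)[0]
    return template.replace("{username}", escape_local_part(local))
```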


