[OpenID] OpenID based on email addresses... Just Works!
Chris Messina
chris.messina at gmail.com
Sun Nov 2 10:57:39 UTC 2008
On Sun, Nov 2, 2008 at 7:10 PM, Ben Laurie <benl at google.com> wrote:
>
> Surely a) EAUT doesn't specify what service is used and b) the use of
> a centralized service is entirely optional.
Correct: the final version of the spec should not specify a central
fallback service. I also think the use of a fallback resolver should
be removed from the spec now that it appears that Google and Yahoo
(and perhaps other large email providers) will be willing to support
email address to OpenID mappings for their members.
Emailtoid.net was developed specifically because we wanted to
demonstrate the concept in CODE rather than just talk about it. I
personally felt that it would be a horrible user experience if a site
advertised the ability to use only an email address to sign in but
that it failed for 99.9999999% of email addresses (hence the fallback
to emailtoid.net).
If we get enough large email providers on board -- or use Google's
hybrid "Best Buy" sign in approach, the need for emailtoid.net goes
away.
> BTW, on EAUT, I notice a bug in the spec - user names can contain
> characters that are not legal in the DNS, so it should specify some
> kind of escaping mechanism.
Normalizing email addresses sounds like a good idea for EAUT.
A lot of web sites have started blocking email addresses with plus
symbols in them. We should absolutely make sure that we escape
extended characters consistently in EAUT.
Chris
--
Chris Messina
Citizen-Participant &
Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is: [ ] bloggable [X] ask first [ ] private
More information about the general
mailing list