[OpenID] OpenID based on email addresses... Just Works!
Ben Laurie
benl at google.com
Sun Nov 2 11:07:12 UTC 2008
On Sun, Nov 2, 2008 at 10:57 AM, Chris Messina <chris.messina at gmail.com> wrote:
> On Sun, Nov 2, 2008 at 7:10 PM, Ben Laurie <benl at google.com> wrote:
>>
>> Surely a) EAUT doesn't specify what service is used and b) the use of
>> a centralized service is entirely optional.
>
> Correct: the final version of the spec should not specify a central
> fallback service. I also think the use of a fallback resolver should
> be removed from the spec now that it appears that Google and Yahoo
> (and perhaps other large email providers) will be willing to support
> email address to OpenID mappings for their members.
?? Am I missing something? The spec I'm looking at
(http://eaut.org/specs/1.0/) doesn't seem to mention a fallback
resolver.
> Emailtoid.net was developed specifically because we wanted to
> demonstrate the concept in CODE rather than just talk about it. I
> personally felt that it would be a horrible user experience if a site
> advertised the ability to use only an email address to sign in but
> that it failed for 99.9999999% of email addresses (hence the fallback
> to emailtoid.net).
>
> If we get enough large email providers on board -- or use Google's
> hybrid "Best Buy" sign in approach, the need for emailtoid.net goes
> away.
>
>
>> BTW, on EAUT, I notice a bug in the spec - user names can contain
>> characters that are not legal in the DNS, so it should specify some
>> kind of escaping mechanism.
>
> Normalizing email addresses sounds like a good idea for EAUT.
>
> A lot of web sites have started blocking email addresses with plus
> symbols in them. We should absolutely make sure that we escape
> extended characters consistently in EAUT.
Why? That's evil!
More information about the general
mailing list