[OpenID] Combining Google & Yahoo user experience research

Chris Messina chris.messina at gmail.com
Wed Oct 15 03:49:08 UTC 2008 

Can I take a poll? With all this talk about email address
mapping/translation -- I'm curious -- how many of you have actually read the
EAUT (email address to URL translation) spec?
http://eaut.org/specs/1.0/

It seems like much of this conversation (the productive bits) could be had
on the EAUT list [1], in order to move things forward and get the spec in a
form that could be taken into an OpenID Extension, which could then pave the
way for 1) establishing extension creation protocol and 2) make the spec
ready for wider deployment/adoption.

Not that all this talk of DNS and XRI isn't compelling, but I was hoping
that we might get a solution in place before I turn 40.

Chris

P.S. I was born in 1981.

[1] http://groups.google.com/group/eaut

On Tue, Oct 14, 2008 at 8:32 PM, Brandon Ramirez <
brandon.s.ramirez at gmail.com> wrote:

> It's more than just request -> response.  It's also an intriguing model for
> information resolution,  where the trust is centralized, but then delegated
> out.
>
> Why shouldn't it be used for identity resolution as well?  An identity
> (even more so from a computer's perspective) is merely a small set of data
> with a chain of trust - just like most DNS lookups.
>
>
> On Tue, Oct 14, 2008 at 10:45 PM, Martin Atkins <mart at degeneration.co.uk>wrote:
>
>> SitG Admin wrote:
>> >
>> >> Putting it in DNS doesn't change the user-centricness, it just changes
>> >> the means of publication.
>> >
>> > I disagree here; to use military terminology here (as learned from
>> > analyses of Trusted Computing) for a moment, your DNS server is not a
>> > Trusted party for your personal information! IT does not have access to
>> > your personal information; YOU do. If a spammer (or stalker) wants to
>> > learn where you live (so they have a physical address for snailmail spam
>> > or home invasion), they cannot simply ask the DNS server where you live,
>> > because the DNS server does not possess that information - they MUST
>> > contact you, the user, directly, and in the process of making that
>> > request they not only make you (the user) aware of it, but provoke the
>> > distinct possibility that you will simply refuse to tell them!
>> >
>> > Your reply also suggested, though, that this level of control *can* be
>> > present in DNS, which intrigues me :)
>> >
>>
>> I was not suggesting that you should put your physical address or
>> telephone number in DNS, just that you can publish in DNS information
>> about how that information might be obtained, much as you publish on
>> your web site how that information might be obtained.
>>
>> I'd also like to point out that HTTP URLs are themselves dependent on
>> DNS. All you gain by publishing this information over HTTP rather than
>> DNS is a couple more layers of indirection. I can't control my identity
>> page on MyOpenID any more than I can control the contents of the
>> myopenid.com DNS zone.
>>
>> Additionally, since DNS is a request->response protocol just like HTTP,
>> there's no technical reason why you can't log requests and refuse to
>> talk to certain clients if you wish. The domain name system is not magic.
>>
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081014/5a259f00/attachment-0002.htm>

More information about the general mailing list