[OpenID] Combining Google & Yahoo user experience research
Johannes Ernst
jernst+openid.net at netmesh.us
Wed Oct 15 05:26:02 UTC 2008
What about you charter EAUT as a proper OpenID workgroup, and then we
talk? ;-)
I really don't understand why it is not if you are serious about going
in that direction ...
On Oct 14, 2008, at 20:49 , Chris Messina wrote:
> Can I take a poll? With all this talk about email address mapping/
> translation -- I'm curious -- how many of you have actually read the
> EAUT (email address to URL translation) spec?
>
> http://eaut.org/specs/1.0/
>
> It seems like much of this conversation (the productive bits) could
> be had on the EAUT list [1], in order to move things forward and get
> the spec in a form that could be taken into an OpenID Extension,
> which could then pave the way for 1) establishing extension creation
> protocol and 2) make the spec ready for wider deployment/adoption.
>
> Not that all this talk of DNS and XRI isn't compelling, but I was
> hoping that we might get a solution in place before I turn 40.
>
> Chris
>
> P.S. I was born in 1981.
>
> [1] http://groups.google.com/group/eaut
>
> On Tue, Oct 14, 2008 at 8:32 PM, Brandon Ramirez <brandon.s.ramirez at gmail.com
> > wrote:
> It's more than just request -> response. It's also an intriguing
> model for information resolution, where the trust is centralized,
> but then delegated out.
>
> Why shouldn't it be used for identity resolution as well? An
> identity (even more so from a computer's perspective) is merely a
> small set of data with a chain of trust - just like most DNS lookups.
>
>
> On Tue, Oct 14, 2008 at 10:45 PM, Martin Atkins <mart at degeneration.co.uk
> > wrote:
> SitG Admin wrote:
> >
> >> Putting it in DNS doesn't change the user-centricness, it just
> changes
> >> the means of publication.
> >
> > I disagree here; to use military terminology here (as learned from
> > analyses of Trusted Computing) for a moment, your DNS server is
> not a
> > Trusted party for your personal information! IT does not have
> access to
> > your personal information; YOU do. If a spammer (or stalker) wants
> to
> > learn where you live (so they have a physical address for
> snailmail spam
> > or home invasion), they cannot simply ask the DNS server where you
> live,
> > because the DNS server does not possess that information - they MUST
> > contact you, the user, directly, and in the process of making that
> > request they not only make you (the user) aware of it, but provoke
> the
> > distinct possibility that you will simply refuse to tell them!
> >
> > Your reply also suggested, though, that this level of control
> *can* be
> > present in DNS, which intrigues me :)
> >
>
> I was not suggesting that you should put your physical address or
> telephone number in DNS, just that you can publish in DNS information
> about how that information might be obtained, much as you publish on
> your web site how that information might be obtained.
>
> I'd also like to point out that HTTP URLs are themselves dependent on
> DNS. All you gain by publishing this information over HTTP rather than
> DNS is a couple more layers of indirection. I can't control my
> identity
> page on MyOpenID any more than I can control the contents of the
> myopenid.com DNS zone.
>
> Additionally, since DNS is a request->response protocol just like
> HTTP,
> there's no technical reason why you can't log requests and refuse to
> talk to certain clients if you wish. The domain name system is not
> magic.
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
>
> --
> Chris Messina
> Citizen-Participant &
> Open Technology Advocate-at-Large
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is: [ ] bloggable [X] ask first [ ] private
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081014/c5262d01/attachment-0002.htm>
More information about the general
mailing list