[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research
Allen Tom
atom at yahoo-inc.com
Wed Oct 22 02:25:09 UTC 2008
Johnny Bufu wrote:
> On Tue, Oct 21, 2008 at 08:58:54AM -0700, Andrew Arnott wrote:
>
>> Why do we have to have http(s)://username at mailhost.com at all? It's a funky
>> and unnecessary syntax. Why can't an OpenID 3.x RP simply transport
>> username at mailhost.com into https://mailhost.com and do discovery on that to
>> find the provider endpoint, then use the username in the email as the
>> local_id parameter, or alternatively just use directed identity. Since this
>> email would be a new support, I'd mandate https.
>>
Sadly, not all email providers support HTTPS on their TLD, but requiring
HTTPS for discovery is a good idea.
I do think that it would be pretty straightforward to just chop off
everything after the @, and perform discovery on the domain of the email
address.
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081021/bbcd6f30/attachment-0002.htm>
More information about the general
mailing list