[OpenID] OpenID based on email addresses... Just Works!

Nat Sakimura sakimura at gmail.com
Tue Oct 28 16:22:02 UTC 2008 

Right. I checked it with JanRain PHP Library and it worked as well.
It actually should in other libraries as you point out.
=nat

On Wed, Oct 29, 2008 at 1:14 AM, Andrew Arnott <andrewarnott at gmail.com>wrote:

> I was going through the logs of my test RP<http://nerdbank.org/RP/login.aspx> and
> was surprised to see what looked like the efforts of someone who didn't
> understand how OpenID worked.  One of the attempts included just using a
> Yahoo! email address.  Guess what?!  It worked.
> It worked because (at least in .NET), the URL may validly include a user at portion, as has been discussed on this list recently.  It's just quietly
> dropped.  That left "http://yahoo.com" as the identifier to perform
> discovery on, which of course worked.  To the user, the experience is nearly
> perfect.  They see Yahoo where they must log in, choose an identifier, and
> then return to the RP.  The only weirdness is that although the Claimed
> Identifier will always be right, if for prettiness' sake the RP were to
> display the user-supplied-identifier as the user originally typed it in that
> it might not match who actually logged into Yahoo.
>
> For instance, I can type in yourname at yahoo.com and completely log in, even
> though that's not my email address.  The claimed ID is mine, and that's what
> really matters, but it's a little quirky (from the end user's perspective)
> that I can type in anyone's yahoo email address and it just works.  As a new
> user I may think that I managed to log in as someone else.
>
> Again, I know why all this works based on the spec and my implementation
> of it; I just didn't expect that email discovery would come without at least
> some work (perhaps to trim off the username@ part).  So I was pleasantly
> surprised.
>
> Anyway, something to think about.
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>


-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081029/8eed69a9/attachment-0002.htm>

More information about the general mailing list