[OpenID] OpenID based on email addresses... Just Works!

Chris Messina chris.messina at gmail.com
Wed Oct 29 13:08:31 UTC 2008 

I blogged about emails as OpenID "hints" (among other things) earlier today:

http://tr.im/openid_oxymoron

Chris

On Wed, Oct 29, 2008 at 3:22 AM, Nat Sakimura <sakimura at gmail.com> wrote:
> Right. I checked it with JanRain PHP Library and it worked as well.
> It actually should in other libraries as you point out.
> =nat
>
> On Wed, Oct 29, 2008 at 1:14 AM, Andrew Arnott <andrewarnott at gmail.com>
> wrote:
>>
>> I was going through the logs of my test RP and was surprised to see what
>> looked like the efforts of someone who didn't understand how OpenID worked.
>>  One of the attempts included just using a Yahoo! email address.  Guess
>> what?!  It worked.
>> It worked because (at least in .NET), the URL may validly include a user@
>> portion, as has been discussed on this list recently.  It's just quietly
>> dropped.  That left "http://yahoo.com" as the identifier to perform
>> discovery on, which of course worked.  To the user, the experience is nearly
>> perfect.  They see Yahoo where they must log in, choose an identifier, and
>> then return to the RP.  The only weirdness is that although the Claimed
>> Identifier will always be right, if for prettiness' sake the RP were to
>> display the user-supplied-identifier as the user originally typed it in that
>> it might not match who actually logged into Yahoo.
>> For instance, I can type in yourname at yahoo.com and completely log in, even
>> though that's not my email address.  The claimed ID is mine, and that's what
>> really matters, but it's a little quirky (from the end user's perspective)
>> that I can type in anyone's yahoo email address and it just works.  As a new
>> user I may think that I managed to log in as someone else.
>> Again, I know why all this works based on the spec and my implementation
>> of it; I just didn't expect that email discovery would come without at least
>> some work (perhaps to trim off the username@ part).  So I was pleasantly
>> surprised.
>> Anyway, something to think about.
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>>
>
>
>
> --
> Nat Sakimura (=nat)
> http://www.sakimura.org/en/
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>



-- 
Chris Messina
Citizen-Participant &
  Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private

More information about the general mailing list