[OpenID] [LIKELY_SPAM]Re: OpenID based on email addresses... Just Works!
Martin Atkins
mart at degeneration.co.uk
Wed Oct 29 17:27:33 UTC 2008
Peter Williams wrote:
> I don't like this dependency on DNS.
>
> The average user COULD edit an XRDS file, and stick it on any webserver. The average user cannot edit a registered domain's resource attributes, or run a walled garden DNS server.

If a user is unable to tinker with DNS, my implementation supports
falling back on Yadis discovery.

My goal with this approach was to try to get the best of all worlds in
the simplest way possible.

* The single-address-via-DNS mode supports delegation, preserving this
useful ability for small deployments like vanity domains.
* The whole-domain-via-DNS mode supports hosting providers and companies
that outsource their email/DNS to a different company than to whom they
outsource their website.
* The whole-domain-via-Yadis mode supports smaller organisations or
other users who are for one reason or another unable to alter their DNS.

My other compromise was to use DNS TXT records rather than anything more
crazy since those users who *are* able to fiddle with their DNS are
often limited to only A, CNAME, MX and TXT records.

This approach is only used when an email address is entered, which for
the purposes of my implementation is a string which contains at least
one non-@ followed by an @ followed by at least one non-@. If the user
enters just a domain, it normalizes to a URL and discovery proceeds as
described in the 2.0 spec.
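
The input classification described in the last paragraph, as an added example that is not part of the original post and is not the implementation it mentions. The hostname check and the `rejected` result are additions; taking the domain after the last @ and testing the email rule before the XRI and URL branches are assumptions.

```python
import re
from urllib.parse import urlsplit

# Rule from the message: a non-@, then an @, then a non-@, anywhere in the input.
EMAIL_RULE = re.compile(r"[^@]@[^@]")
# Added check (not in the message): the part used for DNS must be a plain hostname.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
# Global context symbols that mark an XRI in OpenID 2.0 normalization.
XRI_SYMBOLS = "=@+$!("


def is_email_identifier(s):
    return EMAIL_RULE.search(s) is not None


def discovery_domain(s):
    """Domain after the last @ (assumption), or None if it is not a hostname."""
    domain = s.rpartition("@")[2].lower().rstrip(".")
    return domain if HOSTNAME.match(domain) else None


def normalize_url(s):
    """URL branch of OpenID 2.0 normalization: add a scheme, drop the fragment."""
    if not re.match(r"https?://", s, re.I):
        s = "http://" + s
    p = urlsplit(s)
    url = f"{p.scheme}://{p.netloc.lower()}{p.path or '/'}"
    return url + ("?" + p.query if p.query else "")


def classify(user_input):
    """Return (kind, value) with kind in email, xri, url or rejected."""
    s = user_input.strip()
    # Assumption: the email rule is tested before the XRI and URL branches.
    if is_email_identifier(s):
        domain = discovery_domain(s)
        return ("email", domain) if domain else ("rejected", None)
    if s.lower().startswith("xri://"):
        s = s[len("xri://"):]
    if s and s[0] in XRI_SYMBOLS:
        return ("xri", s)
    return ("url", normalize_url(s))


if __name__ == "__main__":
    # Constructed sample inputs.
    for text in ["alice@example.com", "example.com", "@example",
                 "http://alice@example.com/"]:
        print(f"{text!r:32} -> {classify(text)}")
```

A URL that carries userinfo, such as the last sample, satisfies the email rule as stated, which is why the domain part is checked before any lookup is made on it.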