[OpenID] OpenID based on email addresses... Just Works!

John Panzer jpanzer at acm.org
Thu Oct 30 06:52:44 UTC 2008


David Recordon wrote:
> Yeah, I think this general approach with the addition of knowing it is 
> an email,
Or Jabber ID.
> doing directed identity, and passing the email as OpenID.identity is a 
> good one. I really prefer to find a simple solution that doesn't 
> involve running a mapping service or mucking with DNS.
+1

BTW, http://user@example.org/ is a perfectly valid URI.  Not sure why it 
could not be passed in the openid.identity field. 

(Some versions of IE won't pass the user part if the URI is dereferenced 
in that browser; that's a local security decision made by IE though, not 
a general issue with this type of URI.)
>
> ---
> Sent from my iPhone Classic.
>
> On Oct 29, 2008, at 7:44 AM, "Andrew Arnott" <andrewarnott at gmail.com>
> wrote:
>
>> This method does use directed identity, but as such it does 
>> not provide the email address in the openid.identity field and it 
>> would be contrary to the spec to do so.  Perhaps though you were 
>> suggesting that a future version support this?  (I would be in favor 
>> of investigating this as well).  
>>
>> On Wed, Oct 29, 2008 at 7:20 AM, David Recordon
>> <drecordon at sixapart.com> wrote:
>>
>>     I'm a fan of this method, basically doing the directed identity
>>     flow and passing the user input (daveman692 at yahoo.com)
>>     in as openid.identity in the request.
>>
>>     --David
>>
>>     On Oct 28, 2008, at 9:14 AM, Andrew Arnott wrote:
>>
>>>     I was going through the logs of my test RP
>>>     <http://nerdbank.org/RP/login.aspx> and was surprised to see
>>>     what looked like the efforts of someone who didn't understand
>>>     how OpenID worked.  One of the attempts included just using a
>>>     Yahoo! email address.  Guess what?!  It worked.
>>>
>>>     It worked because (at least in .NET), the URL may validly
>>>     include a user@ portion, as has been discussed on this list
>>>     recently.  It's just quietly dropped.  That left
>>>     "http://yahoo.com" as the identifier to perform discovery on,
>>>     which of course worked.  To the user, the experience is nearly
>>>     perfect.  They see Yahoo where they must log in, choose an
>>>     identifier, and then return to the RP.  The only weirdness is
>>>     that although the Claimed Identifier will always be right, if
>>>     for prettiness' sake the RP were to display the
>>>     user-supplied-identifier as the user originally typed it in,
>>>     it might not match who actually logged into Yahoo.
>>>
>>>     For instance, I can type in yourname at yahoo.com
>>>     and completely log in, even though
>>>     that's not my email address.  The claimed ID is mine, and that's
>>>     what really matters, but it's a little quirky (from the end
>>>     user's perspective) that I can type in anyone's yahoo email
>>>     address and it just works.  As a new user I may think that I
>>>     managed to log in as someone else. 
>>>
>>>     Again, I know why all this works based on the spec and my
>>>     implementation of it; I just didn't expect that email discovery
>>>     would come without at least some work (perhaps to trim off the
>>>     username@ part).  So I was pleasantly surprised.
>>>
>>>     Anyway, something to think about.
>>>     _______________________________________________
>>>     general mailing list
>>>     general at openid.net
>>>     http://openid.net/mailman/listinfo/general
>>
>>
>   
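
The behaviour discussed in this thread, as an added example that is not part of any poster's message: an RP-side normalizer that silently drops the user@ part before discovery, and a session record that keys and displays the account by the Claimed Identifier rather than by what was typed. The function names, the dictionary keys and the sample Claimed Identifier are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample value standing in for what the OP returns (assumption).
SAMPLE_CLAIMED_ID = "https://op.example/a/CONSTRUCTED-OPAQUE-ID"


def normalize_user_input(user_input):
    """Return (discovery_url, dropped_userinfo) for the text the user typed.

    dropped_userinfo is None when the input carried no user@ part.
    """
    text = user_input.strip()
    if "://" not in text:
        text = "http://" + text          # bare input is treated as an http URL
    parts = urlsplit(text)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) identifier: %r" % user_input)
    # Keep host[:port] only; everything before the last '@' is userinfo.
    host = parts.netloc.rpartition("@")[2].lower()
    url = urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))
    return url, parts.username


def session_identity(user_input, claimed_id):
    """Build the RP's record of a login after a positive assertion.

    The typed local part was never verified by anyone, so it is neither
    stored as the account key nor shown back to the user.
    """
    discovery_url, userinfo = normalize_user_input(user_input)
    return {
        "discovery_url": discovery_url,
        "account_key": claimed_id,       # authorization decisions use this
        "display": claimed_id,           # not the user-supplied identifier
        "typed_local_part_unverified": userinfo is not None,
    }


if __name__ == "__main__":
    # Any local part at the same provider leads to the same discovery URL.
    for typed in ("yourname@yahoo.com", "someoneelse@yahoo.com"):
        print(typed, "->", session_identity(typed, SAMPLE_CLAIMED_ID))
```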
