[OpenID] OpenID based on email addresses... Just Works!

Steven Livingstone-Perez weblivz at hotmail.com
Thu Oct 30 12:56:27 UTC 2008 

I also find it odd as I'd quite like to have a durable identifier, but not
only do I have multiple emails, I tend to change emails relatively often and
I'm happy to share it using AX/SREG if/when I wish.

 

Be interested in how an OpenID using my email as a primary identifier would
work if I wanted to change it.

 

I do like an email account being used to discover an OpenID right enough, if
every email mapped to an openid - user at domain.com -> user.domain.com or
domain.com/user - from what I can see it doesn't even need to be a real
email address. so long as the mapping can be done.

 

>From what I have read you're really just talking about making it easier for
the user to enter an OpenID rather than changing how it works.. I mean
surely entering weblivz at hotmail.com can easily map to an OpenID
weblivz.hotmail.com

 

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
Behalf Of Andrew Arnott
Sent: 30 October 2008 12:37
To: Ben Laurie
Cc: david at sixapart.com; OpenID List
Subject: Re: [OpenID] OpenID based on email addresses... Just Works!

 

I'm surprised no one has brought this up, but remember that having people
log into RPs using their email address is giving away a very personal bit of
information that I'd like to hide more than give away.  On another thread
concern was expressed over allowing OpenID to accidentally reveal the
preferred language of a user.  Well to me I think email address is far more
concerning.  

 

Of course an RP may want an email address and AX or SREG is a great way to
get it, but that's always the user's decision while at the OP or later at
the RP, and isn't a mandatory step to even initiate the login process.

On Thu, Oct 30, 2008 at 3:00 AM, Ben Laurie <benl at google.com> wrote:

On Thu, Oct 30, 2008 at 7:07 AM, Chris Messina <chris.messina at gmail.com>
wrote:
> On Thu, Oct 30, 2008 at 4:14 PM, David Recordon <drecordon at sixapart.com>
wrote:
>> Can you use POBox.com with david at yahoo.com?  For the added complexity I
just
>> don't think it's worth it considering you already can't delegate your
email.
>>  If you control the domain then you can choose your Provider, otherwise
>> you're at the mercy of who controls the domain.  Don't like it, then
don't
>> use your Yahoo account as your OpenID.  IMHO.
>> --David
>
> I'm coming around to this perspective.
>
> While maximal flexibility would be ideal for "delegating email
> addresses", I'm willing to compromise to find the simplest, easiest,
> quickest and least costliest path to adoption.
>
> While the mapping concept is a worthwhile one technologically, I think
> that trying to push all the freedoms that you get with URL-based
> OpenIDs into email addresses could be a losing proposition.
>
> If we can support email addresses with maximal flexibility with
> minimal costs, great, but from what I've seen of how changes actually
> get made, changing the OpenID spec as little as possible is the best
> way forward.
>
> It sounds like the OpenID.identity approach might be the best way to
> make this happen, pronto, without mucking with DNS and so on.

What is "the OpenID.identity approach"?


> Remember, email addresses today aren't really explicitly supported by
> the spec; the goal should be to make that a possibility with as little
> effort as possible.

It seems to me that there's a couple of things to consider:

1. Often the RP actually wants an email address, because it wants to
be able to communicate with the user. This can be solved with AX, of
course _but_ I suspect users will be confused by having to give an
"email address" that isn't actually their email address.

2. It seems that its possible to do a pretty good job with just the
domain - the email address is just a way to get the user to tell you
what the domain is so discovery can start.

Obviously discovery is a prerequisite, though.


>
> Chris
>
> --
> Chris Messina
> Citizen-Participant &
>  Open Technology Advocate-at-Large
> factoryjoe.com # diso-project.org
> citizenagency.com # vidoop.com
> This email is:   [ ] bloggable    [X] ask first   [ ] private
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
_______________________________________________
general mailing list
general at openid.net
http://openid.net/mailman/listinfo/general

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081030/d21e4118/attachment-0001.htm>

More information about the general mailing list