[OpenID] OpenID based on email addresses... Just Works!
Martin Atkins
mart at degeneration.co.uk
Thu Oct 30 15:53:30 UTC 2008
David Fuelling wrote:
> On Thu, Oct 30, 2008 at 5:14 AM, David Recordon <drecordon at sixapart.com> wrote:
>
> Can you use POBox.com with david at yahoo.com?
> For the added complexity I just don't think it's worth it
> considering you already can't delegate your email. If you control
> the domain then you can choose your Provider, otherwise you're at
> the mercy of who controls the domain. Don't like it, then don't use
> your Yahoo account as your OpenID. IMHO.
>
> --David
>
>
> Agreed that if we're at the mercy of the person who controls the domain
> (in the example above, yahoo.com). However, if we
> don't give domain-owners like Yahoo.com a decent path (a spec?) to allow
> their users to tie their yahoo.com (or whatever
> domain you prefer) email address to an OpenID URL in a different domain,
> then we're ensuring a future that says email addresses will only be
> usable if you use the OP of the domain owner. That doesn't feel very
> user-centric.
>
Users have the freedom to choose an OP. If they use the identifier
issued to them by Yahoo today they're tied to Yahoo as well.

I don't follow the line of reasoning with this argument. All OpenID
identifiers are fundamentally based on DNS; the owner of the domain
you're using will ultimately be in control. Adding email-based
identifiers into the mix doesn't change this. While I agree that being
able to unilaterally switch identifiers later would be useful, this is
not something that's specific to email addresses; it's a more general
problem with OpenID as it stands today, regardless of what scheme your
identifier uses.

I will note however that my email-addresses-in-OpenID proposal[1] does
include a provision for redirecting that has the same behavior as an HTTP
redirect, i.e. it "canonicalizes" the claimed identifier. You can
redirect from a mailto: URL to an HTTP URL using this mechanism, if you wish.

I will concede that doing this "redirect" at the DNS level does not have
the full flexibility of the HTTP-based mapping service offered by EAUT,
but I would also claim that mapping mailto:example at yahoo.com to
http://sappenin.com/ is a pretty unusual case and not something we
should be going out of our way to support.

[1] http://www.apparently.me.uk/18285.html