[OpenID] OpenID based on email addresses... Just Works!

David Fuelling sappenin at gmail.com
Thu Oct 30 16:02:40 UTC 2008 

On Thu, Oct 30, 2008 at 3:53 PM, Martin Atkins <mart at degeneration.co.uk>wrote:

> Users have the freedom to choose an OP. If they use the identifier issued
> to them by Yahoo today they're tied to Yahoo as well.
>
> I don't follow the line of reasoning with this argument. All OpenID
> identifiers are fundamentally based on DNS, the owner of the domain you're
> using will ultimately be in control. Adding email-based identifiers into the
> mix doesn't change this. While I agree that being able to unilaterally
> switch identifiers later would be useful, this is not something that's
> specific to email addresses; it's a more general problem with OpenID as it
> stands today, regardless of what scheme your identifier uses.
>

This line of reasoning doesn't make sense if you're thinking of an email
address as a "1st-Class" OpenID.  However, if your OpenID is really an XRI
or URL (only), then your email address becomes a surrogate for your OpenID,
or a pointer.  That's why email addresses are a special case -- today
they're not really OpenID's, so if we're going to start using them "like"
openId's, then we need to add a lot of flexibility into the mechanism so
that (at a domain owner's discretion, and the discretion of user controling
a particular email address in that domain) any particular email address can
be a surrogate for any of that user's OpenIDs.

Besides, with OpenID 2.0, I can use a particular URL (e.g.,
http://openid.sappenin.com/david) but it really "maps" to my acutal OpenID (
http://sappenin.myopenid.com).  It seems odd that so many people are arguing
to take away this feature of OpenIDs when it comes to email addresses.


>
> I will note however that my email-addresses-in-OpenID proposal[1] does
> include a provision for redirecting that has the same behavior as a HTTP
> redirect i.e. it "canonicalizes" the claimed identifier. You can redirect
> from a mailto: URL to a HTTP URL using this mechanism, if you wish.
>

I'm open to some of this -- see my other message about an OpenID Extension
to support email addresses.


>
> I will concede that doing this "redirect" at the DNS level does not have
> the full flexibility of the HTTP-based mapping service offered by EAUT, but
> I would also claim that mapping mailto:example at yahoo.com to
> http://sappenin.com/ is a pretty unusual case and not something we should
> be going out of our way to support.


I fully disagree.  I do this currently with my OpenID.  Why wouldn't I do it
with my email address?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081030/57633a99/attachment-0002.htm>

More information about the general mailing list