[OpenID] The Various Methods For "user at domain.com" Style Identifiers
Andrew Arnott
andrewarnott at gmail.com
Sun Mar 22 23:25:59 UTC 2009
I wasn't explaining anything that should be new, Peter, so perhaps my words
were unclear. The RP performs discovery on the email address, which is a
legal URL. The user@ portion is dropped implicitly, leaving nothing but the
domain. The RP pulls at that URL, and if the HTTP response includes an XRDS
document or reference that describes an OP directed identity-supporting
endpoint, the RP directs the user to the appropriate OP url.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
On Sun, Mar 22, 2009 at 4:23 PM, Peter Williams <pwilliams at rapattoni.com>wrote:
> First time I’ve heard of an entity other than an OP performing the
> directed identity “protocol”
>
>
>
> …If an email address domain name supports directed identity
>
>
>
> …redirects the user to the OP,
>
>
>
> Is this a standardized flow in openid?
>
>
>
> If such a flow is not laid out in the spec, it doesn’t have the (relative)
> IP protections of other finalized materials.
>
>
>
> *From:* general-bounces at openid.net [mailto:general-bounces at openid.net] *On
> Behalf Of *Andrew Arnott
> *Sent:* Sunday, March 22, 2009 4:13 PM
> *To:* David Nicol
> *Cc:* Dmitry Shechtman; Recordon, David; yadis at lists.danga.com;
> general at openid.net
>
> *Subject:* Re: [OpenID] The Various Methods For "user at domain.com" Style
> Identifiers
>
>
>
> This comes up periodically. The last time it did, it ended with: "it
> already works, via directed identity." If an email address domain name
> supports directed identity, then a user can type his/her own email address,
> and it (becoming equivalent to just the domain name of that email address)
> redirects the user to the OP, where the identifier can be decided on and the
> assertion sent back to the RP.
>
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - Voltaire
>
> On Sun, Mar 22, 2009 at 3:26 PM, David Nicol <davidnicol at gmail.com>
> wrote:
>
> I am for an approach of leaving all systems as they are now and adding
> a convention, provided by some openID identity service, that maps
> e-mail addresses into openID urls, and then trying to popularize that
> service, or the various services conforming to the to-be-proposed
> convention, so that when someone types joe at example.com into the
> openID slot the identity widget offers joe a choice of
> http://smtp.openid.tipjar.com/example.com/joe and a few other similar
> services suggesting the rewritten versions.
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090322/0a655783/attachment-0002.htm>
More information about the general
mailing list