[OpenID] The Various Methods For "user at domain.com" Style Identifiers
Peter Williams
pwilliams at rapattoni.com
Mon Mar 23 00:19:49 UTC 2009
That's fine, of course. There is no new flow.
An RP may not accept any user-supplied value other than what is supposed to be an http: form URL as an openid (or some specified contractions of an http URL), which must then be normalized. But that's a conformance detail. If one is using elements of an RFC822 email name as a contraction of an http-style locator for the XRDS - which introduces the OP endpoint (aka locates an OP endpoint ...supporting directed id) - we are in normal behaviour.
The way you phrased it originally, I was seeing
1st level of "OP" that mapped RFC822 name form to http url, using some kind of directed identity dynamics/handling/protocol run of openid auth to help the user choose which http OP identifier to release as a synonym for the RFC822 email domain
2nd level of OP that issues assertions (based on further directed id resolution by the user, at the OP).
1st level appeared in the original phrasing to be some new kind of URL redirector service for OP Identifiers where an email domain could "support directed id" for choosing an OP Identifier
...which would all have clearly been beyond the material in the finalized specification.
From: Andrew Arnott [mailto:andrewarnott at gmail.com]
Sent: Sunday, March 22, 2009 4:26 PM
To: Peter Williams
Cc: David Nicol; Dmitry Shechtman; Recordon, David; yadis at lists.danga.com; general at openid.net
Subject: Re: [OpenID] The Various Methods For "user at domain.com" Style Identifiers
I wasn't explaining anything that should be new, Peter, so perhaps my words were unclear. The RP performs discovery on the email address, which is a legal URL. The user@ portion is dropped implicitly, leaving nothing but the domain. The RP pulls at that URL, and if the HTTP response includes an XRDS document or reference that describes an OP directed identity-supporting endpoint, the RP directs the user to the appropriate OP url.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
On Sun, Mar 22, 2009 at 4:23 PM, Peter Williams <pwilliams at rapattoni.com> wrote:
First time I've heard of an entity other than an OP performing the directed identity "protocol"
...If an email address domain name supports directed identity
...redirects the user to the OP,
Is this a standardized flow in openid?
If such a flow is not laid out in the spec, it doesn't have the (relative) IP protections of other finalized materials.
From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of Andrew Arnott
Sent: Sunday, March 22, 2009 4:13 PM
To: David Nicol
Cc: Dmitry Shechtman; Recordon, David; yadis at lists.danga.com; general at openid.net
Subject: Re: [OpenID] The Various Methods For "user at domain.com" Style Identifiers
This comes up periodically. The last time it did, it ended with: "it already works, via directed identity." If an email address domain name supports directed identity, then a user can type his/her own email address, and it (becoming equivalent to just the domain name of that email address) redirects the user to the OP, where the identifier can be decided on and the assertion sent back to the RP.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire
On Sun, Mar 22, 2009 at 3:26 PM, David Nicol <davidnicol at gmail.com> wrote:
I am for an approach of leaving all systems as they are now and adding
a convention, provided by some openID identity service, that maps
e-mail addresses into openID urls, and then trying to popularize that
service, or the various services conforming to the to-be-proposed
convention, so that when someone types joe at example.com into the
openID slot the identity widget offers joe a choice of
http://smtp.openid.tipjar.com/example.com/joe and a few other similar
services suggesting the rewritten versions.
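
The discovery step described in this thread (drop the user@ part, fetch the domain's URL, look for an XRDS service that supports directed identity), as an added example that is not part of the original messages or any poster's code. The function names, the sample XRDS and op.example.com are constructed for illustration, the HTTP fetch is left out, and dropping the userinfo follows the behaviour described in the thread.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

XRD = "{xri://$xrd*($v*2.0)}"
OP_IDENTIFIER = "http://specs.openid.net/auth/2.0/server"  # OpenID 2.0 OP Identifier type

# Constructed sample of an XRDS document served for http://example.com/.
SAMPLE_XRDS = b"""<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
  <XRD>
    <Service priority="10">
      <Type>http://specs.openid.net/auth/2.0/server</Type>
      <URI>https://op.example.com/openid</URI>
    </Service>
  </XRD>
</xrds:XRDS>"""


def discovery_url(user_input: str) -> str:
    """Map typed input to the URL the RP fetches, dropping any user@ part."""
    text = user_input.strip()
    if text.startswith(("xri://", "=", "@", "+", "$", "!", "(")):
        raise ValueError("XRI identifiers are not handled here")
    if not text.lower().startswith(("http://", "https://")):
        text = "http://" + text
    parts = urlsplit(text)
    if not parts.hostname:
        raise ValueError("identifier has no host")
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    if parts.port:
        host += f":{parts.port}"
    # Rebuild without userinfo or fragment; an empty path becomes "/".
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))


def directed_identity_endpoint(xrds: bytes):
    """Return the best-priority OP Identifier endpoint URI, or None."""
    if b"<!DOCTYPE" in xrds or b"<!ENTITY" in xrds:
        raise ValueError("refusing XRDS that carries a DTD")  # fetched from an untrusted host
    xrd_elements = ET.fromstring(xrds).findall(XRD + "XRD")
    found = []
    for svc in (xrd_elements[-1] if xrd_elements else []):  # Yadis uses the last XRD
        types = {t.text.strip() for t in svc.findall(XRD + "Type") if t.text}
        uri = (svc.findtext(XRD + "URI") or "").strip()
        if svc.tag == XRD + "Service" and OP_IDENTIFIER in types and uri:
            found.append((int(svc.get("priority", "1000000")), uri))
    return min(found)[1] if found else None  # lower priority value wins
```

Nothing in this step verifies the typed local part: the RP only learns which OP to send the user to, and should key the account on the claimed identifier in the OP's verified assertion rather than on the e-mail address the user entered.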