[OpenID] Your OpenID is destined to be your email address

Mon Mar 30 15:53:31 UTC 2009

Seeing how everything is going instant message (1-to-1 tweets, Facebook-only
messages, etc.) it seems odd to tie a technology so deeply to
something as "olden
days" as email.

I think a lot of people will say "email, what's that?" in a not too
distant future,
if not already.

On Mon, Mar 30, 2009 at 6:21 AM, Martin Paljak <martin at paljak.pri.ee> wrote:
> Actually I'd like to see some disposable e-mail provider set up a disposable
> OpenID provider which would provide a "verified" e-mail with OpenID
> responses. Something like mailinator.com + http://www.jkg.in/openid/ (now
> defunct)
>
> Mechanisms for verifying ownership of e-mail addresses or functioning of
> e-mail addresses can vary as well. There must not be a direct relationship
> between a verified e-mail address and an OpenID.
>
> For example, in Estonia we have a thing called "@eesti.ee e-mail address"
>  (read more http://www.id.ee/?id=11110&&langchange=1 ) which is a forwarding
> service provided by the government IT infrastructure. You can reach me on
> martin.paljak at eesti.ee for example. The connection between me and this
> e-mail address is very "hard coded" and verified, so I could say that
> openid.ee, the OpenID service we run in Estonia, provides *verified e-mail
> addresses* only. Not all people have the forwarding configured (meaning you
> can't reach the owner via this e-mail) but the fact that I own the address
> is verified. But sometimes I'd like to use some other e-mail address with
> the same OpenID, like martin at paljak.pri.ee. My OP, openid.ee, and my e-mail
> address would have no relation then. We could say that my OP, openid.ee,
> sets up a policy of validating e-mail addresses before we associate them
> with users, but that's out of the scope of OpenID. It would be a
> peer-to-peer trust decision done by the RP towards a specific OP "I trust
> that this OP gives out verified e-mail addresses" and possibly decides NOT
> to do the independent verification of the reachability of the e-mail
> address.
>
> If I was a RP and my operations relied on verified e-mail addresses, I would
> in any case independently verify the reach-ability of e-mail addresses.
>
> What does make sense is e-mail based discovery (which is being worked on)
> and the assumption that the e-mail used in such a transaction is a real and
> usable e-mail address.
>
> m.
>
> On 30.03.2009, at 13:43, santrajan wrote:
>
>>
>> If you have read my articles, nowhere have I stated the your email address
>> or
>> any other information is provided without your determination. Let me make
>> this clear. The OP provides the email to the RP only after asking the
>> user.
>> And your arguments are exactly what the proponents of OpenId have put
>> forward for the last two years, and OpenID hasnt reached anywhere, has it?
>>
>>
>> William J. Coldwell-2 wrote:
>>>
>>> I read both of your articles on OpenID, and I have no confidence in
>>> what you've
>>> stated.  I do not want my OpenID tied to any specific email, or other
>>> information
>>> that would be provided automatically without my determination (e.g.,
>>> verisignlabs).
>>>
>>> Email addresses can change (ISP goes under, user forgets email
>>> password, whatever),
>>> and any tool that gives spammers more fodder is never good.
>>>
>>> --Cryo
>>>
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Re%3A-The-Various-Methods-For-%22user%40domain.com%22-Style-Identifiers-tp22651519p22780495.html
>> Sent from the OpenID - General mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> general mailing list
>> general at openid.net
>> http://openid.net/mailman/listinfo/general
>
> --
> Martin Paljak
> http://martin.paljak.pri.ee
> +372.515.6495
>
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>