[OpenID] A Case for OpenEmailID
David Recordon
david at sixapart.com
Mon May 4 19:52:34 UTC 2009
I personally think it's really important to keep URLs in OpenID and
finding a way to optionally map between URLs and email addresses. We
already know how to point a URL to an email, the next question is an
email to a URL. Brad Fitzpatrick and a few others have started
playing with this dubbed WebFinger (http://code.google.com/p/
webfinger/).
As for OP portability (aka delegation), I think this is a property
that must remain for URLs though is less important for email
addresses. With URLs you can delegate on the URL basis ignoring the
domain or path. With email addresses, I think it's alright to have
one OpenID Provider for the entire domain instead of optimizing for
the case of each user at the domain having their own Provider.
--David
On May 4, 2009, at 12:33 PM, Peter Williams wrote:
>
>
> I know that a few years ago this was heresy,
>
> --------
>
> That the heretics are winning the pragmatics tells me openid is
> going to make it. Folks are not stuck in the idealism of the
> original design.
>
> For me, the biggest issue is not the dropping of the URL, but: Will
> openid forgo OP portability ?
>
> There is a good chance that the term UCI will be watered down to be
> mean nothing more than consent for attribute release, per RP. That
> is, it will be OP trust model that controls information flows (not
> user trust models); and it will be the OP that controls which
> discovery points an RP may use, and what ciphersuites are used end-
> end (if any).
More information about the general
mailing list