[OpenID] A Case for OpenEmailID

Peter Williams pwilliams at rapattoni.com
Tue May 5 18:13:49 UTC 2009


I'm happy. I don't view the email address as anything other than an active directory UPN (in rfc822 form). It's a syntax, not something necessarily to do with an email account, or control thereof.  Thus it's just a way of nominating a directory object, one of whose attributes is a static XRD. Later, one can imagine letting certain ldap or other types of gc query do some of what (more intelligent) XRI resolution does, and allow for different naming domains to do for openid what kerberos v5 transitive trust does for domains within cross-forest trusts - in the AD world.

As long as there are XRDs, there are delegations... delegation is a function of the signed metadata, not the identity protocol.

________________________________________
From: George Fletcher [gffletch at aol.com]
Sent: Tuesday, May 05, 2009 9:08 AM
To: david at sixapart.com
Cc: Peter Williams; Santosh Rajan; general at openid.net
Subject: Re: [OpenID] A Case for OpenEmailID

Thanks for the pointer! Glad to see this leveraging XRD and associated
specs. With XRD, I believe that Martin's issues with delegation can be
addressed, because the XRD associated with the email address could
delegate on a per ID basis rather than the whole domain.

Thanks,
George

David Recordon wrote:
> I personally think it's really important to keep URLs in OpenID and
> to find a way to optionally map between URLs and email addresses.  We
> already know how to point a URL to an email, the next question is an
> email to a URL.  Brad Fitzpatrick and a few others have started
> playing with this dubbed WebFinger (http://code.google.com/p/webfinger/).
>
> As for OP portability (aka delegation), I think this is a property
> that must remain for URLs though is less important for email
> addresses.  With URLs you can delegate on the URL basis ignoring the
> domain or path.  With email addresses, I think it's alright to have
> one OpenID Provider for the entire domain instead of optimizing for
> the case of each user at the domain having their own Provider.
>
> --David
>
> On May 4, 2009, at 12:33 PM, Peter Williams wrote:
>
>>
>>
>> I know that a few years ago this was heresy,
>>
>> --------
>>
>> That the heretics are winning the pragmatics tells me openid is going
>> to make it. Folks are not stuck in the idealism of the original design.
>>
>> For me, the biggest issue is not the dropping of the URL, but: Will
>> openid forgo OP portability?
>>
>> There is a good chance that the term UCI will be watered down to
>> mean nothing more than consent for attribute release, per RP. That
>> is, it will be OP trust model that controls information flows (not
>> user trust models); and it will be the OP that controls which
>> discovery points an RP may use, and what ciphersuites are used
>> end-end (if any).
>


