[OpenID] Finally, light at the end of the tunnel, for OpenID

SitG Admin sysadmin at shadowsinthegarden.com
Fri May 8 18:22:52 UTC 2009 

>Non email providers
>can issue virtual email addresses if they like. But it is not the real thing
>and they will have to dish out the real email address via SREG or AX.

Oh? Why is that?

E-mail proxies and temporary (disposable) addresses are, if the 
number of providers that have sprung up are any indication, a popular 
service. I think users can understand the idea of using addresses 
that are not their "real" ones, but get there nonetheless, or manage 
to let the user access information without being connected to a 
"real" address at all.

I think RP's, too, are aware that this happens; I don't believe that 
RP's insist on having "real" E-mail addresses for their users, though 
I haven't made a comprehensive study of major RP's to see how many 
would reject addresses at well-known proxies or providers of 
disposable addresses.

>To really make OpenID happen I always believed we need one of the biggies.
>Ebay or Amazon or someone like that, and these guys won't play without an
>email address. With the webfinger protocol for email addresses they will
>definitely come on board.

I'm not seeing any evidence to support your belief. Can you get a 
spokesperson for one of those companies to come forth and make a 
public announcement confirming that the E-mail address was an 
absolute dealbreaker for them? How about, now that E-mail is a 
tentative possibility, they have no further reservations about OpenID?

(Those are VERY different statements.)

Since we currently lack both a comprehensive study of how many RP's 
actively reject E-mail addresses that are not "real" AND any official 
statement from those "biggies" about the importance of an E-mail 
address to their opinion of OpenID, your beliefs look more like 
wish-fulfillment than an astute assessment of the implications here. 
Not a wise platform on which to base community pursuit of the 
protocol.

As a supporter of the Webfinger protocol (because it looks promising, 
NOT because I think it will single-handedly catapault OpenID into all 
the major sites), I find it embarrassing that one of the most vocal 
advocates is inflating its importance so unrealistically. Let's not 
get ahead of ourselves.

-Shade

More information about the general mailing list