<div class="gmail_quote">On Fri, Apr 3, 2009 at 1:42 PM, Martin Atkins <span dir="ltr"><<a href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="im">The longer-term approach would be to make the email address itself be an identifier, with assertions made by the email provider, though there is still the debate about what exactly constitutes "validation" of an email address. (Most RPs want to know not just that the person signing in owns the email address but that the email address is able to receive mail.)<br>
</div><div><div></div><div class="h5"></div></div></blockquote><div class="gmail_quote"><br></div>Slight diversion: no web site ever wants to know my email address so they can <span class="Apple-style-span" style="font-style: italic; ">receive</span> email from me. They only want to send me mail. In other words, they only want one-way communication. Their communication almost always comes from no-reply@company.foo email addresses. You're expected to use their web interface to communicate with them, because of course <span class="Apple-style-span" style="font-style: italic;">they</span> don't want you to have <span class="Apple-style-span" style="font-style: italic;">their</span> email address, lest they get spam. Ironic, isn't it?</div>
<div class="gmail_quote"><br></div><div class="gmail_quote">What I'm getting at is since the email validation problem hasn't been solved yet, and since email, a two-way communication system, isn't exactly a good fit for the mode most RPs want to use, why not find an alternative? </div>
<div class="gmail_quote"><br></div><div class="gmail_quote">Specifically what I'm thinking about is a kind of personal "push" RSS feed. An RSS feed that instead of a user adding items to it that everyone can read, it's a feed that everyone can <span class="Apple-style-span" style="font-style: italic;">write</span> to, that only the user can read. Basically like inbound-only email. But it could be built on a system that supports validation, particularly enabling validating some kind of association with an OpenID. For instance, and OpenID's XRDS document might advertise a service URI that accepts messages, which will in some way sends messages to the user. The RP will discover this automatically and all is well. If the RP cares to send the user a test message using it, the user checks his feed (however that happens--OPs can provide this service or let the user delegate to another site or even their email inbox), enters the code into the RP, and away he goes.</div>