You're right, Santosh. And I apologize. You have a right to express your views just as I do.<br><br>I guess the reason it's frustrating to read your arguments regarding email addresses is that they're unconvincing. You keep coming back to one of two arguments, it seems:<br>
1) until email addresses are OpenIDs, OpenID is useless, OR<br>2) until email addresses are guaranteed to be included in an OpenID login for an RP, OpenID is worthless.<br><br>You hit these two points <i>really</i> hard, but I have yet to see a valid argument to back up either of these arguments. There are totally legitimate, useful and <i>successful </i>RPs that either <i>really</i> don't want your email address, or could take it or leave it based on the user's preference. That by itself proves both your points as wrong. Email addresses are <i>not</i> the end-all of identifiers, and they are not always needed or even wanted. <br>
<br>We <i>can</i> agree on the point that many RPs <i>do</i> want email addresses. And I am <i>for</i> enhancing OpenID extensions to be more explicit in their specs about how RPs can indicate their requirement for email addresses during login at the OP. And I believe this would solve the problem you're seeing. But these are merely extensions to OpenID. OpenID as an authentication mechanism itself is sound, IMO.<br>
<br clear="all">--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
<br><br><div class="gmail_quote">On Tue, May 19, 2009 at 9:48 PM, Santosh Rajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
Why should I get off the email soapbox? Please remember I am the only one<br>
promoting the email case here. That is why it looks like a "soapbox" to you.<br>
If there were others promoting emails here I wouldn't have to be on the<br>
soapbox at all. The people who support emails dont seem to want to express<br>
their views here. You may not agree with my views, or I may not succeed to<br>
convince you, but I thing it is unfair for you to suggest that I should not<br>
express my views here.<br>
<div><div></div><div class="h5"><br>
<br>
Andrew Arnott wrote:<br>
><br>
> Ok, I could buy all of your arguments except the email address one. I<br>
> know<br>
> this is your soapbox, and I'm not interested in discussing it any more.<br>
> But<br>
> having an email address for an OpenID is not at all required for a<br>
> reasonable login experience at Facebook. There are many many OpenID RPs<br>
> that are good examples of how an OpenID *today*, with an *optional* or *<br>
> required* email address *works already*. Using an email address for an<br>
> OpenID does *nothing magical*. Can you get off this soapbox already?<br>
><br>
> --<br>
> Andrew Arnott<br>
> "I [may] not agree with what you have to say, but I'll defend to the death<br>
> your right to say it." - S. G. Tallentyre<br>
><br>
><br>
> On Tue, May 19, 2009 at 7:30 PM, Santosh Rajan <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>><br>
> wrote:<br>
><br>
>> Andrew,This is not only a farce, unfortunately it is also extremely bad<br>
>> news for OpenID.<br>
>> 1) Requiring one ID (Facebook ID) to use another ID (OpenID) is<br>
>> ridiculous<br>
>> to say the least. It is going to give a wrong impression about OpenID to<br>
>> all<br>
>> the Facebook users.<br>
>> 2) It will also give an impression that OpenID is something for accessing<br>
>> users data from another provider. Really this is the work of OAuth.<br>
>> 3) It gives the impression that OpenID is something like "twitter ID"<br>
>> which<br>
>> it is not. Again this is OAuth domain.<br>
>> 4) What impression do you think this is going to give potential RP's? Are<br>
>> you going to show Facebook as a great example of OpenID implementation?<br>
>><br>
>> I am not buying the argument that this is only a trial phase etc. If they<br>
>> really wanted to try OpenID they should have tried a beta for limited<br>
>> users.<br>
>> That is what most RP's do. If anything this will thoroughly confuse<br>
>> everybody about what OpenID is. This is going to cause more damage to<br>
>> OpenID<br>
>> than anything constructive.<br>
>><br>
>> I beleive OpenID MUST be on the users "log in" page and not buried<br>
>> somewhere in his "settings" page. I have already said many many times<br>
>> that<br>
>> RP's like these cannot implement OpenID correctly without an email<br>
>> address.<br>
>> But at the same time I dont want RP's to go ahead and implement something<br>
>> half baked and give the wrong impression to everybody. And Facebook<br>
>> implementation is going to remain more or less like this until the day<br>
>> emails are accepted as OpenID's.<br>
>><br>
>> On Wed, May 20, 2009 at 7:04 AM, Andrew Arnott<br>
>> <<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>>wrote:<br>
>><br>
>>> Santosh,<br>
>>><br>
>>> This isn't a farce at all, IMO. Facebook is a very big web site and<br>
>>> they're rolling out OpenID RP support slowly. Right now their UI has<br>
>>> experienced almost 0 change and yet they're able to start collecting<br>
>>> data<br>
>>> without intruding on the users who don't know what OpenID is. As they<br>
>>> collect usage data and test interoperability with various OPs, they gain<br>
>>> confidence that they can add some UI to the login and account creation<br>
>>> pages<br>
>>> so that eventually a password will no longer be required to create an<br>
>>> account.<br>
>>><br>
>>> I think it's a perfectly reasonable first step.<br>
>>><br>
>>> I don't like that Facebook requires access to my Contacts to hook up<br>
>>> with<br>
>>> Google. But if you don't like that, type in your own OpenID that is<br>
>>> from an<br>
>>> OP that doesn't have contacts and FB can't force you to give up your<br>
>>> Contacts. That's one of the pillars of OpenID: choose your OP. And<br>
>>> yes,<br>
>>> FB's auto-login feature works with any OP (not just Google,<br>
>>> notwithstanding<br>
>>> the blog posts implying otherwise), as long as that OP supports<br>
>>> checkid_immediate, which most do.<br>
>>><br>
>>> As far as Facebook being email address centric, I don't think that has<br>
>>> been a blocker with Facebook becoming an RP at all. And I'm looking<br>
>>> forward<br>
>>> to a future Facebook where email address is optional, and it comes<br>
>>> automatically with OpenID if I say it should while logging in.<br>
>>><br>
>>> --<br>
>>> Andrew Arnott<br>
>>> "I [may] not agree with what you have to say, but I'll defend to the<br>
>>> death<br>
>>> your right to say it." - S. G. Tallentyre<br>
>>><br>
>>><br>
>>> On Mon, May 18, 2009 at 9:08 PM, Santosh Rajan<br>
>>> <<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>>wrote:<br>
>>><br>
>>>><br>
>>>> I am seeing tweets and blog posts about Facebook support for OpenID. I<br>
>>>> had<br>
>>>> already suggested in an earlier post that it is going to be a farce.<br>
>>>> And<br>
>>>> that is what it exactly is.<br>
>>>><br>
>>>> You see, I have always maintained that it is impossible for Web site's<br>
>>>> who<br>
>>>> base their user identity on email addresses to support OpenID in the<br>
>>>> current<br>
>>>> form. And let me list out the problems with the so called Facebook<br>
>>>> OpenId<br>
>>>> support.<br>
>>>><br>
>>>> You can't log in into Facebook with your OpenID unless you are already<br>
>>>> logged in to another OpenID provider. So if you fire up your browser<br>
>>>> and<br>
>>>> go<br>
>>>> straight to Facebook, sorry!<br>
>>>><br>
>>>> You cannot create a Facebook account with OpenID. You need to create<br>
>>>> your<br>
>>>> Facebook account with your email address, and then log in to your<br>
>>>> account,<br>
>>>> and then go to settings, and then link your OpenID account.<br>
>>>><br>
>>>> Ok, so I decided to link my Google Account. I found that I could not<br>
>>>> link<br>
>>>> to<br>
>>>> my Google Account without me handing over all my Google contacts! In<br>
>>>> other<br>
>>>> words Google log in was useless for me.<br>
>>>><br>
>>>> When I tried to log in with Yahoo and I got the famous Yahoo message<br>
>>>> "Warning: This website has not confirmed its identity with Yahoo! and<br>
>>>> might<br>
>>>> be fraudulent. Do not share any personal information with this website<br>
>>>> unless you are certain it is legitimate."<br>
>>>><br>
>>>> And what I find most embarrassing is the so called "Openid evangelists"<br>
>>>> going "gaga" over this release. Maybe it is "Facebook" so they better<br>
>>>> say<br>
>>>> good things, no matter whatever they do.<br>
>>>><br>
>>>> -----<br>
>>>><br>
>>>> Santosh Rajan<br>
>>>> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
>>>> --<br>
>>>> View this message in context:<br>
>>>> <a href="http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html" target="_blank">http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23609450.html</a><br>
>>>> Sent from the OpenID - General mailing list archive at Nabble.com.<br>
>>>><br>
>>>> _______________________________________________<br>
>>>> general mailing list<br>
>>>> <a href="mailto:general@openid.net">general@openid.net</a><br>
>>>> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
>>>><br>
>>><br>
>>><br>
>><br>
><br>
> _______________________________________________<br>
> general mailing list<br>
> <a href="mailto:general@openid.net">general@openid.net</a><br>
> <a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
><br>
><br>
<br>
<br>
-----<br>
<br>
Santosh Rajan<br>
<a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a> <a href="http://santrajan.blogspot.com" target="_blank">http://santrajan.blogspot.com</a><br>
--<br>
</div></div>View this message in context: <a href="http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23628947.html" target="_blank">http://www.nabble.com/Facebook-support-for-OpenID.-Where--tp23609450p23628947.html</a><br>
<div><div></div><div class="h5">Sent from the OpenID - General mailing list archive at Nabble.com.<br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br>