[PROPOSAL] Handle "http://user at example.com" Style Identifiers
David Fuelling
sappenin at gmail.com
Thu Nov 9 18:18:41 UTC 2006
Hi Martin,
This is interesting.
I guess your suggestion (see your msg below) deals with a sub-topic of the
whole "should email be allowed in the OpenId login form" debate, which is
this:
"If email is allowed in the OpenId login form, should the
mapping/normalization include the email Userid...OR, should OpenId ignore
the email address userid, and map/normalize an email address to a specific
IdP URL, allowing the IdP more flexibility in determining how to do login"?
1.) I'm not convinced that OpenId specifying a mapping/normalization scheme
that maps email addresses to IdP/OP URL's is really so bad. We're already
mapping/normalizing www.cnn.com to its correct http scheme equivalent
(http://www.cnn.com).
2.) In Mozilla 2.0, if I type beth at google.com into the URL bar, it
normalizes that (behind the scenes) to
http://beth:<blank_password>@google.com. Because google.com doesn't require
user auth, I'm then redirected to http://google.com, which redirects to
http://www.google.com.
3.) The voice-activated OpenId thread on these lists comes to mind - a
Userid component of an email address may not be required, nor necessary in
many cases if a user is identified on the IdP/OP by his/her voice (for
example).
I'm curious to hear yours (and everyone else's) thoughts on this. I don't
think we want to couple OpenId too tightly (if at all) to an email address
-- just provide an easy-to-use bridge between the two.
> -----Original Message-----
> From: general-bounces at openid.net [mailto:general-bounces at openid.net] On
> Behalf Of Martin Atkins
> Sent: Thursday, November 09, 2006 12:05 PM
> To: general at openid.net
> Subject: Re: [PROPOSAL] Handle "http://user@example.com" Style Identifiers
>
> One idea we came up with before was to specify that blah at example.com
> becomes http://blah@example.com/ and the RP should try sending an
> authenticate header for basic auth with base64 of "blah:" (empty password)
>
> This way it's (kinda) true to the meaning of that portion of the URL
> scheme and it allows the IdP to distinguish between different users.
>
> We'd have to check to make sure that this never conflicts with Basic
> auth implementations built into servers/frameworks, of course.
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
More information about the specs
mailing list