[PROPOSAL] Handle "http://user at example.com" Style Identifiers
Hallam-Baker, Phillip
pbaker at verisign.com
Fri Oct 20 02:08:06 UTC 2006
Back at the dawn of the Web I made the mistake of thinking that the address bar was the place you type a URI.
We now know that it is the place you type a search term that may be a URL in canonical form or may be a domain name or may be a search term to be thrown at a search engine. It was one of the principle innovations in Netscape over Mosaic.
Any identifier can be represented as a URI. Just stick SCHEME: in front.
> -----Original Message-----
> From: specs-bounces at openid.net
> [mailto:specs-bounces at openid.net] On Behalf Of Recordon, David
> Sent: Thursday, October 19, 2006 9:46 PM
> To: specs at openid.net
> Subject: [PROPOSAL] Handle "http://user@example.com" Style Identifiers
>
> In meeting with a large service provider this week, an issue
> around end user usability came up. The concern they
> expressed was that users are know how to enter usernames or
> email addresses to initiate the login process. While
> directed identity allows the user to enter "example.com",
> they feel that it still is a bit of a stretch at this time
> for any major deployment of OpenID.
>
> The proposal we came up with was within the spec describing
> what to do if someone were to enter "user at example.com" in a
> Relying Party's OpenID login form. The idea is that the RP
> splits the string on the "@" and then treats "example.com" as
> the IdP Identifier. This thus doesn't actually require any
> changes to the protocol itself. Any Relying Party can do
> this today, but they desire to see this as part of the
> specification itself so they wouldn't be doing anything special.
>
> Within the
> http://www.lifewiki.net/openid/ConsolidatedDelegationProposal
> proposal, in case one, openid.identity would be set to
> "http://openid.net/identifier_select/2.0" and then instead of
> openid.portable being empty, in this case "user at example.com"
> would be sent to the IdP. While not perfectly mapping to the
> definition of the openid.portable field, it doesn't seem like
> that much of a hack to do this.
>
> While I certainly am not looking to re-kindle the "Why a
> URI?" debate, http://user@example.com is also technically a
> valid URI. It is used in many cases by browsers to provide a
> username when making a web request.
>
> So while this is a little funky, I really think the increased
> usability offered by describing what a RP should do when a
> string like this is entered seems to outweigh the potential
> conceptual confusion.
>
> Thoughts?
>
> --David
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs
>
>
More information about the specs
mailing list