[PROPOSAL] Handle "http://user at example.com" Style Identifiers

Johannes Ernst jernst+openid.net at netmesh.us
Fri Oct 20 21:08:36 UTC 2006 

We actually built some code some time ago to explore this. The basic  
insight was:

if we can do Yadis discovery on XRIs (which aren't rooted in DNS),  
then we can do Yadis discovery on any other kind of identifier,  
whether it's an e-mail address or an ISBN number or what have you --  
and once we have a Yadis file for a given identifier, we are home  
free because it essentially maps that identifier into HTTP. We  
considered three or four different ways of doing Yadis resolution  
from e-mail addresses and the like, including the http:// 
user at example.com/ idea that David mentions; under the hood they are  
different, but what the user sees is the same.

Usability is the key problem here:
  - we confuse the user because suddenly it's not URL-based identity  
any more
  - we confuse the user because users aren't clickable any more  
(except for a mailto: tag, which is confusing in its own right it  
most identities pop up a blog or home page)
  - we confuse the user because if I type the identifier into by  
browser's address bar, it pops up a phishing warning (!) instead of  
the user's home page.

We decided that for the time being, it was going to be much easier to  
educate users on the need to use URLs as identifiers, than to educate  
users to not be confused by the above behaviors.

The situation would change if, say, Mozilla and MSFT were performing  
Yadis discovery on e-mail-style identifiers, and directed the user to  
their (http) home page from a given e-mail address. Not impossible to  
imagine, but certainly not something to expect any century from now.


On Oct 20, 2006, at 13:44, Jonathan Daugherty wrote:

> # I'm not actually proposing the IdP make an assertion about
> # user at example.com.  It would only be used during the discovery phase
> # and then an assertion for a URL be returned.
>
> Ok, I misunderstood.  But even in the case where the IdP makes an
> assertion about a different identifier, that's confusing, too; you
> enter something that looks like an email (and maybe your provider
> tells you it even is), but you log into the site as something else,
> right?
>
> -- 
>   Jonathan Daugherty
>   JanRain, Inc.
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs

Johannes Ernst
NetMesh Inc.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 973 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20061020/d5bc1524/attachment-0002.gif>
-------------- next part --------------
  http://netmesh.info/jernst

More information about the specs mailing list