[PROPOSAL] Handle "http://user at example.com" Style Identifiers

Dick Hardt dick at sxip.com
Sun Oct 22 16:25:33 UTC 2006


On 20-Oct-06, at 12:17 PM, John Panzer wrote:

> Kaliya * wrote on 10/20/2006, 11:57 AM:
>
>> I think it is a terrible idea.
>>
>> 1) If you put something out into the market that looks like an e- 
>> mail it will be used like an e-mail. I have personal experience  
>> with this.
>>
>> I had a AIM handle for the Mac part of the universe kaliya at mac.com  
>> (it was not an e-mail address) but because it looked like one  
>> people used it like one and I basically had to go to .mac and pay  
>> for an account so that the wires did not cross.
> This came out of the discussions we have about a smooth migration  
> path for our users at AOL.  In our case the user at example.com  
> nickname is also a resolvable email address, though it may not be  
> the primary mail account of the user.  I'd suggest that as a best  
> practice, anywhere that a user at example.com nickname is used, it  
> should also be a resolvable email address.  And there should always  
> be an option to not use something that looks like an email address.
>> 2) I think OpenID is new and needs a new way to identify folks.  
>> And it is our job to teach people about this new way.  Lots of  
>> services give people homepages within their spaces...myspace,  
>> AIMpages etc.  so they can use those URL's if they don't have one  
>> yet they can get one.
> There's a bootstrapping problem here.  It's very, very hard to  
> promote the use of something that requires a more complex login  
> flow to replace something that is very simple (albeit limited and  
> in its own silo).  How can we cross this chasm?  Our suggestion is  
> to support existing practice of user at example.org in a standard way,  
> while being open to new practices.  Once we can support both we can  
> gain experience and start gradually migrating people over to the  
> new world.  At least that's my take.

I empathize with your problem John, but I agree with Kaliya and others.

Lets take another step back and envision what the login box prompt  
will say. In OpenID 1.x it was:

	"Enter your OpenID"

With some text to explain what an OpenID was.

With OpenID 2.0, we have something like:

	"Homesite | i-name | OpenID"

(Homesite being more user friendly then IdP)

All of these items are new things to users, and the user either has  
one or does not.

If we support email addresses, then the prompt may look something  
like this:

	"email | Homesite | i-name | OpenID"

Now any user with an email address thinks they can type it into the  
box and login. This of course is not going to be the case.

I think the most straightforward method for your users is to educate  
them that AOL is now a homesite, and they can type in aol.com into  
the box. This user experience then is very similar to the user typing  
in aol.com into the address bar. They get sent to aol.com which will  
then prompt them for user at aol.com.

Given that you need to educate them that they can do something new to  
begin with, this seems to be the most straightforward path.

-- Dick



More information about the specs mailing list