[PROPOSAL] Handle "http://user at example.com" Style Identifiers

Dick Hardt dick at sxip.com
Sun Oct 22 16:29:15 UTC 2006 

On 20-Oct-06, at 10:14 AM, George Fletcher wrote:

> [Sorry for the strange posting format.  I got on the list after  
> seeing the emails. --George]
>
> First, I'm new to the list and don't want to resurface an old and  
> long debated topic.
>
> To me this proposal is about how to make finding the user's IDP  
> simpler using something the customer is already familiar with.  
> Therefore, the email address format in not an identifier, but  
> rather a way to hint to the RP both my IDP and an identifier to use  
> at the IDP.  The desire being to address current user behavior  
> which doesn't include specifying a URI as a login mechanism.  I  
> don't use URI's at Flickr, Apple, Yahoo, Google, AOL or Microsoft.   
> Trying to educate "the masses" to remember a new identifier, that  
> for some is meaningless (i.e. the user might not have a blog or  
> other URL that they are used to remembering or sharing), is difficult.

See email to John. I think the user is already familiar with typing  
in a domain name to get to a site. They can type in yahoo.com,  
google.com or aol.com to get to their prospective homesite.

>
> As another option, the RP could present UI that has a drop down of  
> "common IDPs" and then based on the selected "common IDP" provide  
> another text entry for that IDP's form of identifer. However, that  
> somewhat defeats the purpose of trying to have a very simple form  
> entry mechanism which customers can get used to seeing and feel  
> comfortable with.  It also places a burden on the RP to keep their  
> UI up-to-date.

LOL ... and who would determine who the "common IdPs" are? :-) ... I  
can envision many enterprises managing their employees identity.

>
> Of course, my expectation is that this syntax would be optional;  
> the user can always specify their full URI identifier.
>
> I agree that this kind of an identifier is not portable, but I'm  
> guessing that most users wouldn't know how to tweak their blog to  
> add the necessary OpenID 1.1 HTML code to change their IDP.  Most  
> users, just use flickr for photos and if flickr supported OpenID,  
> could potentially use some URI defined for them by flickr as an  
> OpenID identifier.  This identifier from flickr would not be very  
> easily portable.

My understanding of the proposal from David was that this was a way  
to discover the user's IdP, not that the email was an identifier.

-- Dick

More information about the specs mailing list