[PROPOSAL] Handle "http://user at example.com" Style Identifiers
Dick Hardt
dick at sxip.com
Sun Oct 22 16:29:15 UTC 2006
On 20-Oct-06, at 10:14 AM, George Fletcher wrote:
> [Sorry for the strange posting format. I got on the list after
> seeing the emails. --George]
>
> First, I'm new to the list and don't want to resurface an old and
> long debated topic.
>
> To me this proposal is about how to make finding the user's IDP
> simpler using something the customer is already familiar with.
> Therefore, the email address format in not an identifier, but
> rather a way to hint to the RP both my IDP and an identifier to use
> at the IDP. The desire being to address current user behavior
> which doesn't include specifying a URI as a login mechanism. I
> don't use URI's at Flickr, Apple, Yahoo, Google, AOL or Microsoft.
> Trying to educate "the masses" to remember a new identifier, that
> for some is meaningless (i.e. the user might not have a blog or
> other URL that they are used to remembering or sharing), is difficult.
See email to John. I think the user is already familiar with typing
in a domain name to get to a site. They can type in yahoo.com,
google.com or aol.com to get to their prospective homesite.
>
> As another option, the RP could present UI that has a drop down of
> "common IDPs" and then based on the selected "common IDP" provide
> another text entry for that IDP's form of identifer. However, that
> somewhat defeats the purpose of trying to have a very simple form
> entry mechanism which customers can get used to seeing and feel
> comfortable with. It also places a burden on the RP to keep their
> UI up-to-date.
LOL ... and who would determine who the "common IdPs" are? :-) ... I
can envision many enterprises managing their employees identity.
>
> Of course, my expectation is that this syntax would be optional;
> the user can always specify their full URI identifier.
>
> I agree that this kind of an identifier is not portable, but I'm
> guessing that most users wouldn't know how to tweak their blog to
> add the necessary OpenID 1.1 HTML code to change their IDP. Most
> users, just use flickr for photos and if flickr supported OpenID,
> could potentially use some URI defined for them by flickr as an
> OpenID identifier. This identifier from flickr would not be very
> easily portable.
My understanding of the proposal from David was that this was a way
to discover the user's IdP, not that the email was an identifier.
-- Dick
More information about the specs
mailing list