Using email address as OpenID identifier

Eran Hammer-Lahav eran at hueniverse.com
Wed Apr 2 04:17:24 UTC 2008 

Take a look at http://www.hueniverse.com/hueniverse/2008/01/addressing-open.html - especially the list of other solutions proposed before me, as well as Brad's proposal.

The thing is, you need the @gmail, @hotmail, @msn, @yahoo, @aol to support this DNS, and they *are* the email providers.

EHL

From: Paul E. Jones [mailto:paulej at packetizer.com]
Sent: Tuesday, April 01, 2008 11:42 PM
To: Eran Hammer-Lahav; specs at openid.net
Subject: RE: Using email address as OpenID identifier

Eran,

You're entirely correct that this is not an OpenID issue, per se.  In fact, not a single word of text would need to be changed in the current v2 specs, as far as I'm concerned.

But, I do think that it will take some of the core OpenID team members to put a stake in the ground and say, "this is the convention that we'll follow."  What needs to happen then is perhaps an extension written that explains how to convert an email address to a URL.  Using NAPTR records seems like the simplest way to do it to me, but I'm open to suggestions.

Perhaps it is important to say, though, that I do not think it requires the e-mail providers to get on board with this (in my view) simpler notation.  I could use an ID like paulej at myopenid.com and that should work, if myopenid.com would publish the appropriate NAPTR record.  I could also insert NAPTR records into the packetizer.com DNS server that would allow me to use my email address, but point at my preferred OpenID provider.  In short, just because the user at domain syntax is used does not mean that it necessarily an e-mail address: it could be, but more importantly, it just follows that familiar format documented in RFC 822.

Paul

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf Of Eran Hammer-Lahav
Sent: Tuesday, April 01, 2008 10:43 PM
To: specs at openid.net
Subject: RE: Using email address as OpenID identifier

The beauty of the current OpenID spec is that anyone can implement it and go live. However, with email identifiers you need email providers to support it. If Google, Yahoo, AOL, or Microsoft announced they are adding such a feature, I am sure the others are likely to follow. Get 2 of these 4 and you've got something going. But the biggest issue is not picking a standard but finding a company willing to put something out there.

As for the technical solutions, there are many from DNS to XRDS to a simple template agreed by all. Brad Fitzpatrick argued at FooCamp that this is not an OpenID issue, but a non-HTTP URI --> HTTP URI conversation. Basically if you had a generic way of moving from mailto:user at example.com to http://example.com/url/user (or any other URI with HTTP, the domain, and the user), any URI can be used for OpenID.

But at the end this is about someone of a major email provider saying they are interested and put out something people can use. After that I expect the snowball to roll. So, do you know anyone? :)

EHL

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf Of Paul E. Jones
Sent: Tuesday, April 01, 2008 10:31 PM
To: specs at openid.net
Subject: Using email address as OpenID identifier

Folks,

I've seen discussion here and there on the use of the e-mail address as the OpenID identifier.  Perhaps this one says it best:
http://www.majordojo.com/2007/02/what-openid-needs.php

I share many of same opinions.  If OpenID is going to be practically usable by the average person, we cannot require the person to remember some very complex identifier.  When I signed up for Yahoo's OpenID service, it presented me with a hideously ugly URL that looked similar to a base64-encoded string.  I could not begin to tell you what it was.  Fortunately, Yahoo allowed me to define my own, friendlier name.  Still, the ID is not one that the average user will remember or get right.

While the e-mail address does not have to be the one's ID, it can certainly serve as an alias.  Suppose, for example, that the DNS records at Yahoo contained the following entry:

  yahoo.com. IN NAPTR 100 10 "U" "OpenID2" "^(.+)@(.*)$!https://me.yahoo.com/\1!i"

This would allow a Relaying Party to accept an e-mail address and perform a simple transformation to get the "real" URL identifier.  Of course, this does not mean that the existing URL or XRI identifiers are invalid, nor does it mean that the "email address" has to be a real e-mail address.  But, this form would certainly be far simpler for most people to deal use.

If something like this has been discussed and rejected, what was the reason?

Thanks,
Paul

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080402/1afa04c6/attachment-0002.htm>

More information about the specs mailing list