Using email address as OpenID identifier

Paul E. Jones paulej at packetizer.com
Wed Apr 2 05:05:09 UTC 2008 

Eran,

 

I'm not suggesting that the address must be a real e-mail address.  I'm
suggesting that the ID has that form.  It's easier for users than entering
https://me.yahoo.com/userid.  If it happens to also be one's real e-mail
address, fine.  That would be a plus for me, but I don't see that as a
requirement.

 

Paul

 

 

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Eran Hammer-Lahav
Sent: Wednesday, April 02, 2008 12:17 AM
To: specs at openid.net
Subject: RE: Using email address as OpenID identifier

 

Take a look at
http://www.hueniverse.com/hueniverse/2008/01/addressing-open.html -
especially the list of other solutions proposed before me, as well as Brad's
proposal.

 

The thing is, you need the @gmail, @hotmail, @msn, @yahoo, @aol to support
this DNS, and they *are* the email providers.

 

EHL

 

From: Paul E. Jones [mailto:paulej at packetizer.com] 
Sent: Tuesday, April 01, 2008 11:42 PM
To: Eran Hammer-Lahav; specs at openid.net
Subject: RE: Using email address as OpenID identifier

 

Eran,

 

You're entirely correct that this is not an OpenID issue, per se.  In fact,
not a single word of text would need to be changed in the current v2 specs,
as far as I'm concerned.

 

But, I do think that it will take some of the core OpenID team members to
put a stake in the ground and say, "this is the convention that we'll
follow."  What needs to happen then is perhaps an extension written that
explains how to convert an email address to a URL.  Using NAPTR records
seems like the simplest way to do it to me, but I'm open to suggestions.

 

Perhaps it is important to say, though, that I do not think it requires the
e-mail providers to get on board with this (in my view) simpler notation.  I
could use an ID like paulej at myopenid.com and that should work, if
myopenid.com would publish the appropriate NAPTR record.  I could also
insert NAPTR records into the packetizer.com DNS server that would allow me
to use my email address, but point at my preferred OpenID provider.  In
short, just because the user at domain syntax is used does not mean that it
necessarily an e-mail address: it could be, but more importantly, it just
follows that familiar format documented in RFC 822.

 

Paul

 

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Eran Hammer-Lahav
Sent: Tuesday, April 01, 2008 10:43 PM
To: specs at openid.net
Subject: RE: Using email address as OpenID identifier

 

The beauty of the current OpenID spec is that anyone can implement it and go
live. However, with email identifiers you need email providers to support
it. If Google, Yahoo, AOL, or Microsoft announced they are adding such a
feature, I am sure the others are likely to follow. Get 2 of these 4 and
you've got something going. But the biggest issue is not picking a standard
but finding a company willing to put something out there.

 

As for the technical solutions, there are many from DNS to XRDS to a simple
template agreed by all. Brad Fitzpatrick argued at FooCamp that this is not
an OpenID issue, but a non-HTTP URI --> HTTP URI conversation. Basically if
you had a generic way of moving from mailto:user at example.com to
http://example.com/url/user (or any other URI with HTTP, the domain, and the
user), any URI can be used for OpenID.

 

But at the end this is about someone of a major email provider saying they
are interested and put out something people can use. After that I expect the
snowball to roll. So, do you know anyone? J

 

EHL

 

From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On Behalf
Of Paul E. Jones
Sent: Tuesday, April 01, 2008 10:31 PM
To: specs at openid.net
Subject: Using email address as OpenID identifier

 

Folks,

 

I've seen discussion here and there on the use of the e-mail address as the
OpenID identifier.  Perhaps this one says it best:

http://www.majordojo.com/2007/02/what-openid-needs.php

 

I share many of same opinions.  If OpenID is going to be practically usable
by the average person, we cannot require the person to remember some very
complex identifier.  When I signed up for Yahoo's OpenID service, it
presented me with a hideously ugly URL that looked similar to a
base64-encoded string.  I could not begin to tell you what it was.
Fortunately, Yahoo allowed me to define my own, friendlier name.  Still, the
ID is not one that the average user will remember or get right.

 

While the e-mail address does not have to be the one's ID, it can certainly
serve as an alias.  Suppose, for example, that the DNS records at Yahoo
contained the following entry:

 

  yahoo.com. IN NAPTR 100 10 "U" "OpenID2"
"^(.+)@(.*)$!https://me.yahoo.com/\1!i"

 

This would allow a Relaying Party to accept an e-mail address and perform a
simple transformation to get the "real" URL identifier.  Of course, this
does not mean that the existing URL or XRI identifiers are invalid, nor does
it mean that the "email address" has to be a real e-mail address.  But, this
form would certainly be far simpler for most people to deal use.

 

If something like this has been discussed and rejected, what was the reason?

 

Thanks,

Paul

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080402/72ec2eb9/attachment-0002.htm>

More information about the specs mailing list