Using email address as OpenID identifier

Dick Hardt dick at sxip.com
Wed Apr 2 05:09:21 UTC 2008 

Entering yahoo.com is even easier!

On 1-Apr-08, at 10:05 PM, Paul E. Jones wrote:

> Eran,
>
> I’m not suggesting that the address must be a real e-mail address.   
> I’m suggesting that the ID has that form.  It’s easier for users  
> than enteringhttps://me.yahoo.com/userid.  If it happens to also be  
> one’s real e-mail address, fine.  That would be a plus for me, but I  
> don’t see that as a requirement.
>
> Paul
>
>
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On  
> Behalf Of Eran Hammer-Lahav
> Sent: Wednesday, April 02, 2008 12:17 AM
> To: specs at openid.net
> Subject: RE: Using email address as OpenID identifier
>
> Take a look at http://www.hueniverse.com/hueniverse/2008/01/addressing-open.html 
>  - especially the list of other solutions proposed before me, as  
> well as Brad’s proposal.
>
> The thing is, you need the @gmail, @hotmail, @msn, @yahoo, @aol to  
> support this DNS, and they *are* the email providers.
>
> EHL
>
> From: Paul E. Jones [mailto:paulej at packetizer.com]
> Sent: Tuesday, April 01, 2008 11:42 PM
> To: Eran Hammer-Lahav; specs at openid.net
> Subject: RE: Using email address as OpenID identifier
>
> Eran,
>
> You’re entirely correct that this is not an OpenID issue, per se.   
> In fact, not a single word of text would need to be changed in the  
> current v2 specs, as far as I’m concerned.
>
> But, I do think that it will take some of the core OpenID team  
> members to put a stake in the ground and say, “this is the  
> convention that we’ll follow.”  What needs to happen then is perhaps  
> an extension written that explains how to convert an email address  
> to a URL.  Using NAPTR records seems like the simplest way to do it  
> to me, but I’m open to suggestions.
>
> Perhaps it is important to say, though, that I do not think it  
> requires the e-mail providers to get on board with this (in my view)  
> simpler notation.  I could use an ID like paulej at myopenid.com and  
> that should work, if myopenid.com would publish the appropriate  
> NAPTR record.  I could also insert NAPTR records into the  
> packetizer.com DNS server that would allow me to use my email  
> address, but point at my preferred OpenID provider.  In short, just  
> because the user at domain syntax is used does not mean that it  
> necessarily an e-mail address: it could be, but more importantly, it  
> just follows that familiar format documented in RFC 822.
>
> Paul
>
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On  
> Behalf Of Eran Hammer-Lahav
> Sent: Tuesday, April 01, 2008 10:43 PM
> To: specs at openid.net
> Subject: RE: Using email address as OpenID identifier
>
> The beauty of the current OpenID spec is that anyone can implement  
> it and go live. However, with email identifiers you need email  
> providers to support it. If Google, Yahoo, AOL, or Microsoft  
> announced they are adding such a feature, I am sure the others are  
> likely to follow. Get 2 of these 4 and you’ve got something going.  
> But the biggest issue is not picking a standard but finding a  
> company willing to put something out there.
>
> As for the technical solutions, there are many from DNS to XRDS to a  
> simple template agreed by all. Brad Fitzpatrick argued at FooCamp  
> that this is not an OpenID issue, but a non-HTTP URI --> HTTP URI  
> conversation. Basically if you had a generic way of moving  
> frommailto:user at example.com to http://example.com/url/user (or any  
> other URI with HTTP, the domain, and the user), any URI can be used  
> for OpenID.
>
> But at the end this is about someone of a major email provider  
> saying they are interested and put out something people can use.  
> After that I expect the snowball to roll. So, do you know anyone? J
>
> EHL
>
> From: specs-bounces at openid.net [mailto:specs-bounces at openid.net] On  
> Behalf Of Paul E. Jones
> Sent: Tuesday, April 01, 2008 10:31 PM
> To: specs at openid.net
> Subject: Using email address as OpenID identifier
>
> Folks,
>
> I’ve seen discussion here and there on the use of the e-mail address  
> as the OpenID identifier.  Perhaps this one says it best:
> http://www.majordojo.com/2007/02/what-openid-needs.php
>
> I share many of same opinions.  If OpenID is going to be practically  
> usable by the average person, we cannot require the person to  
> remember some very complex identifier.  When I signed up for Yahoo’s  
> OpenID service, it presented me with a hideously ugly URL that  
> looked similar to a base64-encoded string.  I could not begin to  
> tell you what it was.  Fortunately, Yahoo allowed me to define my  
> own, friendlier name.  Still, the ID is not one that the average  
> user will remember or get right.
>
> While the e-mail address does not have to be the one’s ID, it can  
> certainly serve as an alias.  Suppose, for example, that the DNS  
> records at Yahoo contained the following entry:
>
>   yahoo.com. IN NAPTR 100 10 "U" "OpenID2" "^(.+)@(.*)$!https://me.yahoo.com/ 
> \1!i"
>
> This would allow a Relaying Party to accept an e-mail address and  
> perform a simple transformation to get the “real” URL identifier.   
> Of course, this does not mean that the existing URL or XRI  
> identifiers are invalid, nor does it mean that the “email address”  
> has to be a real e-mail address.  But, this form would certainly be  
> far simpler for most people to deal use.
>
> If something like this has been discussed and rejected, what was the  
> reason?
>
> Thanks,
> Paul
>
> _______________________________________________
> specs mailing list
> specs at openid.net
> http://openid.net/mailman/listinfo/specs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20080401/263af70d/attachment-0002.htm>

More information about the specs mailing list