Using email address as OpenID identifier

Paul E. Jones paulej at packetizer.com
Wed Apr 2 05:16:41 UTC 2008


James,

>>yahoo.com. IN NAPTR 100 10 "U" "OpenID2"
>> "^(.+)@(.*)$!https://me.yahoo.com/\1!i" .
>
>
> 1. when a user enters an email address into an RP, how is the claimed
> ID derived from that input?

Using the NAPTR record as shown above, if I use paulej at yahoo.com, the RP
could perform a translation to https://me.yahoo.com/paulej
 
> 2. given such an input, how does the RP go about discovering the
> OpenID endpoint URL and local ID for that identity?
> 
> With answers to these two questions, the remainder of the protocol
> should function as is.

At this point, the RP would have the "real" OpenID ID for the user.
Everything else would proceed as normal.
 
> I'm guessing (correct me if I'm wrong) that you're suggesting that
> this DNS lookup be done as part of (1).  This seems like it would
> cause confusion if the user's ISP changed their DNS, since the user
> would see their email address as being the real identifier: not the
> URL that it maps to.

Yes, that could be an issue.  However, I would expect users would use an
identifier from an OP that *looks like* an e-mail address.  They would not
necessarily use their real address.  For example, I don't use Yahoo mail,
but I would enter paulej at yahoo.com as my OpenID ID.

> A solution that matches closer with what the user expects would be to
> map "fred at example.com" to a claimed ID of "mailto:fred at example.com".

The average user is not going to know what "mailto:" is.
 
> For (2), I'd suggest a solution that maps the email address to either
> directly to an OpenID endpoint (using the claimed ID as local ID), or
> to an XRDS file.  A DNS based solution seems fine here (either your
> NAPTR idea, or TXT records as suggested in replies to your post).

NAPTR queries and transformations are straightforward.  It's just a regular
expression transformation from something that looks like an e-mail address
to the real OpenID ID.

But, again, I don't really care how it works. But, for the benefit of those
who are not so technically capable, I believe it's got to be super, super
trivial.  NAPTR would work extremely well, I think, and would be fast.  Any
OpenID OP could provide an e-mail style identifier and it would certainly be
a motivator for anybody providing e-mail service to also OpenID-enable their
subscribers' e-mail addresses.

Paul
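The NAPTR-driven mapping discussed in this message, as an added Python example that is not from the thread: it applies the quoted yahoo.com record the way an RP would, against a constructed stand-in for the DNS answer. The FAKE_DNS table, the function names and the assumption that '!' separates the ERE, replacement and flags (as in the quoted record) are mine; the checks on the rewritten URL are the ones an RP would want, since the DNS answer itself is not authenticated without DNSSEC.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for a DNS answer: zone -> NAPTR records
# (order, preference, flags, service, regexp, replacement), mirroring
# the yahoo.com record quoted in the thread.
FAKE_DNS = {
    "yahoo.com": [
        (100, 10, "U", "OpenID2", r"^(.+)@(.*)$!https://me.yahoo.com/\1!i", "."),
    ],
}

def parse_naptr_regexp(field):
    """Return (compiled_ere, repl) from a NAPTR regexp field.

    Assumes '!' separates ERE, replacement and flags as in the quoted
    record; an RFC 3403 leading delimiter, if present, is stripped.
    """
    parts = field.lstrip("!").split("!")
    if len(parts) != 3:
        raise ValueError("regexp field must be ere!repl!flags")
    ere, repl, flags = parts
    opts = re.IGNORECASE if "i" in flags else 0
    return re.compile(ere, opts), repl

def claimed_id_from_email(email, dns=FAKE_DNS):
    """Map user@domain to an OpenID identifier via the domain's NAPTR
    records; return None when no usable record applies."""
    if email.count("@") != 1:          # reject input with no or several '@'
        return None
    domain = email.rsplit("@", 1)[1].lower()
    # Lowest order, then lowest preference, wins (RFC 3403 ordering).
    for _, _, flags, service, regexp, _ in sorted(dns.get(domain, [])):
        if flags.upper() != "U" or service != "OpenID2":
            continue
        ere, repl = parse_naptr_regexp(regexp)
        m = ere.search(email)
        if not m:
            continue
        url = m.expand(repl)
        # The rewritten identifier must stay an absolute https URL whose
        # host is the one the record author wrote, so user-supplied text
        # cannot relocate the OP or smuggle in a query or fragment.
        parsed = urlsplit(url)
        if (parsed.scheme != "https" or parsed.netloc != urlsplit(repl).netloc
                or parsed.query or parsed.fragment):
            return None
        return url
    return None
```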
