Email Address to URL Transformation

George Fletcher gffletch at aol.com
Wed Jan 27 20:11:06 UTC 2010 

I think there are two different things being described... (1) meta data 
about the host (host-meta) and (2) meta data about the acct: identifier 
(XRD returned from the webfinger template URI endpoint).

In this thread, that host-meta XRD only describes one service of the 
host... webfinger. However, there is nothing stopping the host from also 
adding a <Link> specifying that it is also an OpenID Provider. I agree 
with Allen that this is valuable information. This doesn't preclude or 
supersede the XRD returned for the user (based on the template URI 
endpoint).

So, if an RP is looking to find the user's OP, then follow the webfinger 
protocol. If the RP just wants to know if a domain supports OpenID it 
can just look in the host-meta for that domain.

I don't think they conflict.

Thanks,
George

On 1/25/10 3:52 PM, Paul E. Jones wrote:
> Allen,
>
> Perhaps we're in agreement, but I wasn't clear.
>
> I think OpenID RPs should be able to use XRD documents in order to discover
> the user's login service -- I like this.  What I would *not* want is for
> that to be defined in this document:
> http://yahoo.com/.well-known/host-meta
>
> The reason is that this document is not user-specific and blankets
> everything under the yahoo.com domain.
>
> Rather, I'd want that to be in this document:
> http://webfinger.yahooapis.com/?id={%id}
>
> Or other document that allows the user to provide details about himself.
> So, if I enter paulej at yahoo.com, RPs would still be directed to
> http://openid.packetizer.com/paulej by querying the above document (or other
> document) and finding some pointer to my OP.
>
> Paul
>
>    
>> -----Original Message-----
>> From: Allen Tom [mailto:atom at yahoo-inc.com]
>> Sent: Monday, January 25, 2010 1:45 PM
>> To: Paul E. Jones
>> Cc: arshad.khan at channel321.com; specs at openid.net; 'John Panzer'
>> Subject: Re: Email Address to URL Transformation
>>
>> Hi Paul -
>>
>> This assumes that every user with a Gmail or Yahoo email account can
>> use
>> their account as an OpenID. Simply asking the user to enter their email
>> address to kickoff the sign-in process is a lot more scalable than the
>> NASCAR, and is probably a lot more usable then asking them to enter
>> their
>> OpenID URL.
>>
>> Allen
>>
>> On 1/24/10 7:12 PM, "Paul E. Jones"<paulej at packetizer.com>  wrote:
>>
>>      
>>> But, wouldn't that assume that every user who has a gmail.com or
>>>        
>> yahoo.com
>>      
>>> email address uses Google or Yahoo, respectively, for OpenID?
>>>
>>>
>>>        
>>      
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100127/02422ead/attachment.htm>

More information about the specs mailing list