Email Address to URL Transformation

Wed Jan 27 21:18:18 UTC 2010

George,

You're right that there are two things.  The question is, do we wish to
allow only OP advertisement via the host meta-data XRD file?  That would
certainly work for me.  But, would users prefer to have a single email
address (e.g., user at gmail.com) and still be able to associate that with a
different OP through webfinger?

People could always have a different acct: URI.  Is that preferred over
trying to support both host meta-data and user meta-data XRD documents? 

Paul

From: George Fletcher [mailto:gffletch at aol.com] 
Sent: Wednesday, January 27, 2010 3:11 PM
To: Paul E. Jones
Cc: 'Allen Tom'; arshad.khan at channel321.com; specs at openid.net
Subject: Re: Email Address to URL Transformation

I think there are two different things being described... (1) meta data
about the host (host-meta) and (2) meta data about the acct: identifier (XRD
returned from the webfinger template URI endpoint).

In this thread, that host-meta XRD only describes one service of the host...
webfinger. However, there is nothing stopping the host from also adding a
<Link> specifying that it is also an OpenID Provider. I agree with Allen
that this is valuable information. This doesn't preclude or supersede the
XRD returned for the user (based on the template URI endpoint).

So, if an RP is looking to find the user's OP, then follow the webfinger
protocol. If the RP just wants to know if a domain supports OpenID it can
just look in the host-meta for that domain.

I don't think they conflict.

Thanks,
George

On 1/25/10 3:52 PM, Paul E. Jones wrote: 

Allen,

Perhaps we're in agreement, but I wasn't clear.

I think OpenID RPs should be able to use XRD documents in order to discover
the user's login service -- I like this.  What I would *not* want is for
that to be defined in this document:
http://yahoo.com/.well-known/host-meta

The reason is that this document is not user-specific and blankets
everything under the yahoo.com domain.

Rather, I'd want that to be in this document:
http://webfinger.yahooapis.com/?id={%id}

Or other document that allows the user to provide details about himself.
So, if I enter paulej at yahoo.com, RPs would still be directed to
http://openid.packetizer.com/paulej by querying the above document (or other
document) and finding some pointer to my OP.

Paul

-----Original Message-----
From: Allen Tom [mailto:atom at yahoo-inc.com]
Sent: Monday, January 25, 2010 1:45 PM
To: Paul E. Jones
Cc: arshad.khan at channel321.com; specs at openid.net; 'John Panzer'
Subject: Re: Email Address to URL Transformation

Hi Paul -

This assumes that every user with a Gmail or Yahoo email account can
use
their account as an OpenID. Simply asking the user to enter their email
address to kickoff the sign-in process is a lot more scalable than the
NASCAR, and is probably a lot more usable then asking them to enter
their
OpenID URL.

Allen

On 1/24/10 7:12 PM, "Paul E. Jones"  <mailto:paulej at packetizer.com>
<paulej at packetizer.com> wrote:

But, wouldn't that assume that every user who has a gmail.com or

yahoo.com

email address uses Google or Yahoo, respectively, for OpenID?

_______________________________________________
specs mailing list
specs at lists.openid.net
http://lists.openid.net/mailman/listinfo/openid-specs

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100127/5b556b92/attachment.htm>