WebFinger at Google

Ben Laurie benl at google.com
Thu Mar 25 15:50:20 UTC 2010 

On 23 March 2010 23:20, John Panzer <jpanzer at google.com> wrote:

> A fundamental premise of Webfinger is that there are a lot of users --
> today, probably the majority of the Internet -- who are comfortable with and
> know their email address (or email like identifier, like a Jabber ID), who
> have no interest in acquiring an HTTP identifier as well, and in fact an
> extra HTTP identifier is a hindrance to them using the technology.  So, the
> desire to avoid the HTTP identifier in a user visible context derives from
> that premise.  And a login ID is definitely user visible; it's how you show
> a user who they're currently logged in as, for example.


Exactly, so why not say that the login ID is the "real" ID and be done with
it?


>
> On Tue, Mar 23, 2010 at 12:39 PM, Paul E. Jones <paulej at packetizer.com>wrote:
>
>>  John,
>>
>>
>>
>> Note that this means the user would not be logged in as bob at gmail.com,
>> but instead as https://www.google.com/profiles/3234234234234234.  (Since
>> step 6 doesn't know anything about steps 1-5.)  I think this has obvious
>> usability issues.
>>
>>
>>
>> Note that the OP cannot return acct:bob at gmail.com <acct%3Abob at gmail.com>as the claimed_id because the claimed_id has to be an openid, and under this
>> proposal acct:bob at gmail.com <acct%3Abob at gmail.com> isn't an OpenID.  So
>> the RP _might_ be able to retain both the entered (pre-normalized)
>> identifier and the final claimed_id, and display the former to the user and
>> the user's friends, but it seems complicated and unwieldy.
>>
>>
>>
>> I’m not really sure what to do about the fact that the *real* OpenID
>> identifier is something nearly impossible to remember.  Perhaps one might
>> argue that “that’s not the way it’s supposed to be.” :-)  Shouldn’t the
>> OpenID ID’s – even as HTTP(S) URIs – still be somewhat memorable? That said,
>> does it really matter?  If the user always logs in with an email ID that is
>> converted using Webfinger into the real OpenID ID, the process is always the
>> same.
>>
>>
>>
>> I would strongly suggest not trying to hide the OpenID ID or make it hard
>> to remember.  Why not https://openid.google.com/bob?  That’s likely
>> easier to remember.  So, is your concern with the user having to potentially
>> remember two IDs, or the fact that one is impossible to remember? :-)
>>
>>
>>
>> Paul
>>
>>
>>
>>
>>
>
>  To unsubscribe from this group, send email to webfinger+
> unsubscribegooglegroups.com or reply to this email with the words "REMOVE
> ME" as the subject.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100325/dc4b8b60/attachment.htm>

More information about the specs mailing list