<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>Re: OpenID Email Discovery</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>NAPTR is an ietf proposed standard but there is no deployed base. SRV has been supported in windows since 2000 and bind since before then.<BR>
<BR>
XRI is a specification, not an OASIS recommendation. Until the IPR commitments necessary to allow that change are made there is no standard.<BR>
<BR>
<BR>
Sent from my GoodLink Wireless Handheld (www.good.com)<BR>
<BR>
-----Original Message-----<BR>
From: Peter Davis [<A HREF="mailto:peter.davis@neustar.biz">mailto:peter.davis@neustar.biz</A>]<BR>
Sent: Thursday, January 03, 2008 02:07 PM Pacific Standard Time<BR>
To: Hallam-Baker, Phillip<BR>
Cc: Eran Hammer-Lahav; OpenID specs list<BR>
Subject: Re: OpenID Email Discovery<BR>
<BR>
actually, NAPTR RR's would be a better fit, as the unique-part of an <BR>
openID may be in the local-path part of a URI, not the hostname... of <BR>
course, if a users openID changes, so too might their underlying DNS <BR>
name, and then DNS won't help you at all there. XRI is better <BR>
situated to solve that use case.<BR>
<BR>
=peterd<BR>
<BR>
On Jan 3, 2008, at 4:48 PM, Hallam-Baker, Phillip wrote:<BR>
<BR>
> This is the function of the existing DNS SRV record.<BR>
><BR>
> _openid.example.com SRV 1 1 1 1 openid1.example.com<BR>
><BR>
> The Internet has an architecture already. Use it, don't try to <BR>
> reinvent it.<BR>
><BR>
> From: specs-bounces@openid.net on behalf of Eran Hammer-Lahav<BR>
> Sent: Thu 03/01/2008 4:01 PM<BR>
> To: 'OpenID specs list'<BR>
> Subject: OpenID Email Discovery<BR>
><BR>
> (The full story is posted at <A HREF="http://www.hueniverse.com/hueniverse/">http://www.hueniverse.com/hueniverse/</A><BR>
> 2008/01/addressing-open.html but this contains the technical parts <BR>
> of the post).<BR>
><BR>
><BR>
> This proposal adds Email Discovery allowing users to use their <BR>
> email address as an OpenID.<BR>
><BR>
><BR>
> …<BR>
><BR>
><BR>
> We need to map between the email to the OpenID identifier and this <BR>
> is where DNS comes in. DNS already has a system for resolving email <BR>
> addresses into an actual server – email resolution using an MX <BR>
> record. Why not add a new record type for OpenID. Basically another <BR>
> way to perform OpenID discovery that is all about making it user-<BR>
> friendly.<BR>
><BR>
><BR>
> All that is needed is a URL the site performing discovery can <BR>
> append the email to and treat it as an OpenID identifier. This can <BR>
> be done using a OpenID TXT record: ‘OpenID [username rule] <BR>
> [priority] [URL]’ where [username rule] is a wildcard expression <BR>
> used to match the username part of the email (everything up to the <BR>
> ‘@’), [priority] is the MX-like priority value, and [URL] is the <BR>
> URL used to generate the OpenID identifier. The URL uses ‘*’ to <BR>
> indicate where the username is inserted, and ‘**’ to indicate where <BR>
> the full, URL-encoded, email address is inserted (both optional). <BR>
> For example:<BR>
><BR>
><BR>
> example.com TXT ‘OpenID * 10 <A HREF="http://*.example.com/">http://*.example.com/</A>’<BR>
><BR>
> example.com TXT ‘OpenID joe 10 <A HREF="http://example.org/openid?**">http://example.org/openid?**</A>’<BR>
><BR>
><BR>
> Which reads: for any email address ‘@example.com’ other than ‘joe’ <BR>
> use ‘<A HREF="http://username.example.com/">http://username.example.com/</A>’ as the OpenID identifier. For <BR>
> email address ‘joe@example.com’ use ‘<A HREF="http://example.org/openid?joe%">http://example.org/openid?joe%</A><BR>
> 40example.com’ as the OpenID identifier. Rules are processed first <BR>
> based on the username rule match (in order of match closeness) and <BR>
> then on priority which is used in the same manner as MX records <BR>
> priority.<BR>
><BR>
><BR>
> …<BR>
><BR>
><BR>
> There are many ways to implement identity delegation, but in the <BR>
> context of email identifiers and simplifying the user experience, <BR>
> the idea is to move the delegation mapping to the OpenID provider. <BR>
> When users sign-up for a new OpenID, they will be given the option, <BR>
> perhaps as a premium paid service, to make the OpenID provider map <BR>
> incoming identity checks for the user email address with their <BR>
> local OpenID identifier. So instead of the users telling the site <BR>
> about their local identity (using delegation), the OpenID provider <BR>
> will perform the mapping.<BR>
><BR>
><BR>
> In the above example, ‘joe@example.com’ has his OpenID managed by <BR>
> ‘example.org’. When signing up for an OpenID at ‘example.org’, Joe <BR>
> asked it to accept identity requests for ‘joe@example.com’ or at <BR>
> least provide delegation discovery. When Joe tries to log into an <BR>
> OpenID-enabled site using ‘joe@example.com’, the site convert the <BR>
> email address to the URL ‘<A HREF="http://example.org/openid?joe%">http://example.org/openid?joe%</A><BR>
> 40example.com’ and use it like a regular OpenID identifier. <BR>
> ‘example.org’ will reply with the needed discovery information to <BR>
> get Joe authenticated using the OpenID protocol. By using the ‘**’ <BR>
> symbol, the full email address is sent over to the OpenID provider <BR>
> which can perform mapping of identities other than its own local ones.<BR>
><BR>
><BR>
> This can be viewed as hosted delegated identity where the OpenID <BR>
> provider also provides hosting of the OpenID delegation information <BR>
> for the user. It doesn’t require any new standards except for <BR>
> implementation and support by OpenID providers.<BR>
><BR>
><BR>
> ---<BR>
><BR>
><BR>
> Would love to get some feedback.<BR>
><BR>
><BR>
> Thanks,<BR>
><BR>
><BR>
> EHL<BR>
><BR>
> _______________________________________________<BR>
> specs mailing list<BR>
> specs@openid.net<BR>
> <A HREF="http://openid.net/mailman/listinfo/specs">http://openid.net/mailman/listinfo/specs</A><BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>