John,
Note that this means the user would not be logged in as [email protected], but instead as https://www.google.com/profiles/3234234234234234. (Since step 6 doesn't know anything about steps 1-5.) I think this has obvious usability issues.

Note that the OP cannot return acct:[email protected] as the claimed_id because the claimed_id has to be an openid, and under this proposal acct:[email protected] isn't an OpenID. So the RP _might_ be able to retain both the entered (pre-normalized) identifier and the final claimed_id, and display the former to the user and the user's friends, but it seems complicated and unwieldy.

I'm not really sure what to do about the fact that the real OpenID identifier is something nearly impossible to remember. Perhaps one might argue that "that's not the way it's supposed to be." :-) Shouldn't the OpenID IDs - even as HTTP(S) URIs - still be somewhat memorable?

That said, does it really matter? If the user always logs in with an email ID that is converted using Webfinger into the real OpenID ID, the process is always the same.

I would strongly suggest not trying to hide the OpenID ID or make it hard to remember. Why not https://openid.google.com/bob? That's likely easier to remember.

So, is your concern with the user having to potentially remember two IDs, or the fact that one is impossible to remember? :-)

Paul
