On 23 March 2010 23:20, John Panzer <[email protected]> wrote: > A fundamental premise of Webfinger is that there are a lot of users -- > today, probably the majority of the Internet -- who are comfortable with and > know their email address (or email like identifier, like a Jabber ID), who > have no interest in acquiring an HTTP identifier as well, and in fact an > extra HTTP identifier is a hindrance to them using the technology. So, the > desire to avoid the HTTP identifier in a user visible context derives from > that premise. And a login ID is definitely user visible; it's how you show > a user who they're currently logged in as, for example.
Exactly, so why not say that the login ID is the "real" ID and be done with it? > > On Tue, Mar 23, 2010 at 12:39 PM, Paul E. Jones <[email protected]>wrote: > >> John, >> >> >> >> Note that this means the user would not be logged in as [email protected], >> but instead as https://www.google.com/profiles/3234234234234234. (Since >> step 6 doesn't know anything about steps 1-5.) I think this has obvious >> usability issues. >> >> >> >> Note that the OP cannot return acct:[email protected] <acct%[email protected]>as >> the claimed_id because the claimed_id has to be an openid, and under this >> proposal acct:[email protected] <acct%[email protected]> isn't an OpenID. So >> the RP _might_ be able to retain both the entered (pre-normalized) >> identifier and the final claimed_id, and display the former to the user and >> the user's friends, but it seems complicated and unwieldy. >> >> >> >> I’m not really sure what to do about the fact that the *real* OpenID >> identifier is something nearly impossible to remember. Perhaps one might >> argue that “that’s not the way it’s supposed to be.” :-) Shouldn’t the >> OpenID ID’s – even as HTTP(S) URIs – still be somewhat memorable? That said, >> does it really matter? If the user always logs in with an email ID that is >> converted using Webfinger into the real OpenID ID, the process is always the >> same. >> >> >> >> I would strongly suggest not trying to hide the OpenID ID or make it hard >> to remember. Why not https://openid.google.com/bob? That’s likely >> easier to remember. So, is your concern with the user having to potentially >> remember two IDs, or the fact that one is impossible to remember? :-) >> >> >> >> Paul >> >> >> >> >> > > To unsubscribe from this group, send email to webfinger+ > unsubscribegooglegroups.com or reply to this email with the words "REMOVE > ME" as the subject. >
_______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
