RE: Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)
I'm not sure if it would necessarily be thrown away, I guess it is really up to the IdP. With two identifiers, it is pretty easy to pass to the IdP and let it decide what it wants to do.

1) I enter [EMAIL PROTECTED] as my identifier on the RP
2) RP does discovery on recordon.name and finds my IdP
3) RP constructs authentication request with openid.disco_id being [EMAIL PROTECTED] and openid.identifier being http://openid.net/identifier_select/2.0;

That was all I was looking for describing in my initial proposal.

--David

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rowan Kerr
Sent: Friday, November 10, 2006 11:23 AM
To: specs@openid.net
Subject: Re: Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)

On 11/9/06, David Fuelling [EMAIL PROTECTED] wrote:
> So, '[EMAIL PROTECTED]' would be treated as if the User had entered
> 'http://any.edu' (the URL of their IdP/OP) into the OpenId login form.

I don't like the idea of telling people to enter their username, and then throwing it away.

As mentioned below, [EMAIL PROTECTED] can map to a valid http url.

This really, I suppose, is a matter of choice on the part of an IdP as to what sorts of instructions they give to their users about identifying themselves to RPs.

Verisign's PIP does userx.pip.verisign.com
Someone might do example.com/user/x
Someone else might do [EMAIL PROTECTED]

Discovery would be performed identically on all the above ... and we're left with a problem of user education.

-Rowan
___
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
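Added example, not part of the original thread or of any OpenID library: a sketch of the RP-side handling in steps 1) to 3) above, applied to the three identifier styles Rowan lists. The function names and the sample input `alice@example.edu` are constructed for illustration, and `openid.disco_id` exists only as proposed in this thread.

```python
from urllib.parse import urlsplit

# Value quoted in the message above (taken from the thread as-is).
IDENTIFIER_SELECT = "http://openid.net/identifier_select/2.0"


def is_email_style(text: str) -> bool:
    """True for input shaped like local@domain with no scheme or path."""
    return "://" not in text and "/" not in text and text.count("@") == 1


def discovery_url(user_input: str) -> str:
    """Map what the user typed at the RP to the URL discovery runs on."""
    text = user_input.strip()
    if is_email_style(text):
        local, domain = text.split("@")
        if not local or not domain:
            raise ValueError("malformed email-style identifier")
        text = domain  # step 2: discovery uses only the domain part
    if "://" not in text:
        text = "http://" + text
    parts = urlsplit(text)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) identifier")
    if parts.username is not None:
        # Reject user@host inside a URL so it is never confused with an email
        raise ValueError("userinfo is not accepted in a URL identifier")
    query = f"?{parts.query}" if parts.query else ""
    # Host is lowercased; an empty path becomes "/"
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}{query}"


def proposed_request_fields(user_input: str) -> dict:
    """Step 3 fields for email-style input, as proposed in this thread only."""
    text = user_input.strip()
    if not is_email_style(text):
        raise ValueError("the proposal covers email-style input only")
    discovery_url(text)  # raises on a malformed identifier
    return {
        "openid.disco_id": text,  # typed value is passed on, not thrown away
        "openid.identifier": IDENTIFIER_SELECT,
    }
```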
Re: Map/Normalize Email Address to IdP/OP URL (Was [PROPOSAL] Handle http://[EMAIL PROTECTED] Style Identifiers)
On 10-Nov-06, at 7:20 AM, David Fuelling wrote:

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan Daugherty
>
> # I think that all this discussion about email userid is moving us off
> # track. My original proposal was that the email maps/normalizes to a
> # URL of an IdP (the userid is ignored/not used).
> #
> # So, '[EMAIL PROTECTED]' would be treated as if the User had entered
> # 'http://any.edu' (the URL of their IdP/OP) into the OpenId login
> # form.
>
> Then why not just enter 'http://any.edu' or 'any.edu' instead?
>
> --
> Jonathan Daugherty
> JanRain, Inc.
>
> True, there's almost no difference on the OpenId side. On the human side, email is more familiar to a typical user (e.g., my Dad) who may not know to try and strip off the dad@ part of his email to use with OpenId. Plus, why do we **not** want OpenId to work with email addresses (assuming we maintain the principles of User Centric Identity if we use them?)

I strongly have the view that [EMAIL PROTECTED] is a really bad idea.

Your dad is not providing his password to the RP, and should not be prompted for his username there. He should be prompted for the site he wants to get sent to where he can then enter his credentials.

This model is something your dad is likely even more familiar with, typing in hostname into the address bar. Typing in the site where he logs in is what he does at the OpenID prompt.

btw: why is this thread cross posted?

-- Dick