[re-sending in plain-text]
Many sites allow users to register for services using an e-mail address.
Often such sites require the user to verify ownership of the e-mail
address by sending an e-mail to the just registered address, but not
always. When a site allows such a registration they
Phillip,
Ok, now I understand what you're saying about not using Http in this way.
However, I'm not advocating doing anything with the username part of an
email (this might be where we're missing each other). I'm saying that we
just take the domain + tld of an email, normalize it per the OpenId
On Wed, 2006-11-08 at 00:42 -0800, Dick Hardt wrote:
-Original Message-
From: Recordon, David
But the security warnings will still exist:
- RP redirects me to http on IdP
- IdP redirects me to https on IdP for login page (warning)
no warning on GET redirects
If GET is
On Wed, Nov 08, 2006 at 11:16:41PM -0500, David Fuelling wrote:
Couldn't one make the opposite argument -- that most people's email address
NOT working when they plug it into the OpenId login field could actually be
a good thing? (especially in the beginning of OpenID)
Scenario #2 (WITH
On Nov 8, 2006, at 23:42, Hallam-Baker, Phillip wrote:
What you are calling discovery is what I would term location.
URL - Uniform Resource Locator
The locator is completely self contained, no discovery necessary,
all the information you need to resolve is there.
Gotta nitpick here,
Hey David,
Thanks for your ideas. Some more thoughts below.
-Original Message-
From: David Nicol [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 09, 2006 6:49 PM
To: David Fuelling
Cc: Martin Atkins; specs@openid.net; [EMAIL PROTECTED]
Subject: Re: [PROPOSAL] Handle
# I think that all this discussion about email userid is moving us off
# track. My original proposal was that the email maps/normalizes to a
# URL of an IdP (the userid is ignored/not used).
#
# So, '[EMAIL PROTECTED]' would be treated as if the User had entered
# 'http://any.edu' (the URL of