Re: Using email address as OpenID identifier
Paul E. Jones wrote: Perhaps it is important to say, though, that I do not think it requires the e-mail providers to get on board with this (in my view) simpler notation. I could use an ID like [EMAIL PROTECTED] and that should work, if myopenid.com would publish the appropriate NAPTR record. I could also insert NAPTR records into the packetizer.com DNS server that would allow me to use my email address, but point at my preferred OpenID provider. In short, just because the [EMAIL PROTECTED] syntax is used does not mean that it necessarily an e-mail address: it could be, but more importantly, it just follows that familiar format documented in RFC 822. Funnily enough, I've always percieved the fact that syntactically-valid but non-existant email addresses are being used as identifiers as a problem rather than a benefit: * It creates confusion for users when something looks like an email address but it doesn't behave as one. I've seen this sort of confusion with Jabber servers, where users get confused that their Jabber ID and email address are not the same, especially when Jabber clients say For example, [EMAIL PROTECTED] under the Jabber ID field. * If not all email-shaped OpenID identifiers are actually working mailboxes, it's likely to lead to a distressing user experience where the user is first asked to enter their OpenID identifier -- that is, their email address -- and then they're asked to enter and verify their email address. At this point, I expect users to at best say Stupid computer! Remember what I've told you! and at worst get confused and think that the OpenID identifier they entered was not correct. * As has often been raised in both the OpenID-with-email and in the Jabber circles, many people are reluctant to give up their email addresses to the public eye for fear of spam. Note that Yahoo.com will, by default, use a big opaque string as an identifier rather than the user's Yahoo! account name for this very reason. ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Using email address as OpenID identifier
Paul E. Jones wrote: I’ll give you that one: that’s certainly easier. But, does not cause some confusion? After all, one’s identity is not yahoo.com, but that is the identity provider. Perhaps the prompts around the Internet ought to Say “OpenID Provider:” instead? :-) I propose that the caption be Whatever your OpenID provider told you to enter: . (I joke, of course. Mostly.) ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Using email address as OpenID identifier
This would require defining an OpenID SRV record in DNS. Would make sense for someone to get this formally defined as part of IETF. Could kinda be done in the same way that Boeing is moving forward definition of XRI in LDAP.. -Original Message- Message: 1 Date: Mon, 07 Apr 2008 18:56:57 +0100 From: Martin Atkins [EMAIL PROTECTED] Subject: Re: Using email address as OpenID identifier To: specs@openid.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Paul E. Jones wrote: Perhaps it is important to say, though, that I do not think it requires the e-mail providers to get on board with this (in my view) simpler notation. I could use an ID like [EMAIL PROTECTED] and that should work, if myopenid.com would publish the appropriate NAPTR record. I could also insert NAPTR records into the packetizer.com DNS server that would allow me to use my email address, but point at my preferred OpenID provider. In short, just because the [EMAIL PROTECTED] syntax is used does not mean that it necessarily an e-mail address: it could be, but more importantly, it just follows that familiar format documented in RFC 822. Funnily enough, I've always percieved the fact that syntactically-valid but non-existant email addresses are being used as identifiers as a problem rather than a benefit: * It creates confusion for users when something looks like an email address but it doesn't behave as one. I've seen this sort of confusion with Jabber servers, where users get confused that their Jabber ID and email address are not the same, especially when Jabber clients say For example, [EMAIL PROTECTED] under the Jabber ID field. * If not all email-shaped OpenID identifiers are actually working mailboxes, it's likely to lead to a distressing user experience where the user is first asked to enter their OpenID identifier -- that is, their email address -- and then they're asked to enter and verify their email address. At this point, I expect users to at best say Stupid computer! Remember what I've told you! and at worst get confused and think that the OpenID identifier they entered was not correct. * As has often been raised in both the OpenID-with-email and in the Jabber circles, many people are reluctant to give up their email addresses to the public eye for fear of spam. Note that Yahoo.com will, by default, use a big opaque string as an identifier rather than the user's Yahoo! account name for this very reason. * This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. * ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
Re: Using email address as OpenID identifier
What about having an ENUM e164.org record holding not only the IP of an SIP-Broker, but the OpenID ID. Whatever format and syntax it might have. The appropriate IETF RFC 2916 E.164 number and DNS could provide not only mangling with eMail addresses but also with telephone numbers: this will provide much more fun ! But seriously: mixing the POTS numbering system with the now good old internet identification could be a in place solution, IMHO. 2ct .bax Am 07.04.2008 um 21:21 schrieb McGovern, James F (HTSC, IT): This would require defining an OpenID SRV record in DNS. Would make sense for someone to get this formally defined as part of IETF. Could kinda be done in the same way that Boeing is moving forward definition of XRI in LDAP.. -Original Message- Message: 1 Date: Mon, 07 Apr 2008 18:56:57 +0100 From: Martin Atkins [EMAIL PROTECTED] Subject: Re: Using email address as OpenID identifier To: specs@openid.net Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Paul E. Jones wrote: Perhaps it is important to say, though, that I do not think it requires the e-mail providers to get on board with this (in my view) simpler notation. I could use an ID like [EMAIL PROTECTED] and that should work, if myopenid.com would publish the appropriate NAPTR record. I could also insert NAPTR records into the packetizer.com DNS server that would allow me to use my email address, but point at my preferred OpenID provider. In short, just because the [EMAIL PROTECTED] syntax is used does not mean that it necessarily an e-mail address: it could be, but more importantly, it just follows that familiar format documented in RFC 822. Funnily enough, I've always percieved the fact that syntactically- valid but non-existant email addresses are being used as identifiers as a problem rather than a benefit: * It creates confusion for users when something looks like an email address but it doesn't behave as one. I've seen this sort of confusion with Jabber servers, where users get confused that their Jabber ID and email address are not the same, especially when Jabber clients say For example, [EMAIL PROTECTED] under the Jabber ID field. * If not all email-shaped OpenID identifiers are actually working mailboxes, it's likely to lead to a distressing user experience where the user is first asked to enter their OpenID identifier -- that is, their email address -- and then they're asked to enter and verify their email address. At this point, I expect users to at best say Stupid computer! Remember what I've told you! and at worst get confused and think that the OpenID identifier they entered was not correct. * As has often been raised in both the OpenID-with-email and in the Jabber circles, many people are reluctant to give up their email addresses to the public eye for fear of spam. Note that Yahoo.com will, by default, use a big opaque string as an identifier rather than the user's Yahoo! account name for this very reason. * This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies. * ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs ___ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
