Take a look at http://www.hueniverse.com/hueniverse/2008/01/addressing-open.html - especially the list of other solutions proposed before me, as well as Brad's proposal.
The thing is, you need the @gmail, @hotmail, @msn, @yahoo, @aol to support this DNS, and they *are* the email providers. EHL From: Paul E. Jones [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2008 11:42 PM To: Eran Hammer-Lahav; specs@openid.net Subject: RE: Using email address as OpenID identifier Eran, You're entirely correct that this is not an OpenID issue, per se. In fact, not a single word of text would need to be changed in the current v2 specs, as far as I'm concerned. But, I do think that it will take some of the core OpenID team members to put a stake in the ground and say, "this is the convention that we'll follow." What needs to happen then is perhaps an extension written that explains how to convert an email address to a URL. Using NAPTR records seems like the simplest way to do it to me, but I'm open to suggestions. Perhaps it is important to say, though, that I do not think it requires the e-mail providers to get on board with this (in my view) simpler notation. I could use an ID like [EMAIL PROTECTED] and that should work, if myopenid.com would publish the appropriate NAPTR record. I could also insert NAPTR records into the packetizer.com DNS server that would allow me to use my email address, but point at my preferred OpenID provider. In short, just because the [EMAIL PROTECTED] syntax is used does not mean that it necessarily an e-mail address: it could be, but more importantly, it just follows that familiar format documented in RFC 822. Paul From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eran Hammer-Lahav Sent: Tuesday, April 01, 2008 10:43 PM To: specs@openid.net Subject: RE: Using email address as OpenID identifier The beauty of the current OpenID spec is that anyone can implement it and go live. However, with email identifiers you need email providers to support it. If Google, Yahoo, AOL, or Microsoft announced they are adding such a feature, I am sure the others are likely to follow. Get 2 of these 4 and you've got something going. But the biggest issue is not picking a standard but finding a company willing to put something out there. As for the technical solutions, there are many from DNS to XRDS to a simple template agreed by all. Brad Fitzpatrick argued at FooCamp that this is not an OpenID issue, but a non-HTTP URI --> HTTP URI conversation. Basically if you had a generic way of moving from mailto:[EMAIL PROTECTED] to http://example.com/url/user (or any other URI with HTTP, the domain, and the user), any URI can be used for OpenID. But at the end this is about someone of a major email provider saying they are interested and put out something people can use. After that I expect the snowball to roll. So, do you know anyone? :) EHL From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul E. Jones Sent: Tuesday, April 01, 2008 10:31 PM To: specs@openid.net Subject: Using email address as OpenID identifier Folks, I've seen discussion here and there on the use of the e-mail address as the OpenID identifier. Perhaps this one says it best: http://www.majordojo.com/2007/02/what-openid-needs.php I share many of same opinions. If OpenID is going to be practically usable by the average person, we cannot require the person to remember some very complex identifier. When I signed up for Yahoo's OpenID service, it presented me with a hideously ugly URL that looked similar to a base64-encoded string. I could not begin to tell you what it was. Fortunately, Yahoo allowed me to define my own, friendlier name. Still, the ID is not one that the average user will remember or get right. While the e-mail address does not have to be the one's ID, it can certainly serve as an alias. Suppose, for example, that the DNS records at Yahoo contained the following entry: yahoo.com. IN NAPTR 100 10 "U" "OpenID2" "^(.+)@(.*)$!https://me.yahoo.com/\1!i"; This would allow a Relaying Party to accept an e-mail address and perform a simple transformation to get the "real" URL identifier. Of course, this does not mean that the existing URL or XRI identifiers are invalid, nor does it mean that the "email address" has to be a real e-mail address. But, this form would certainly be far simpler for most people to deal use. If something like this has been discussed and rejected, what was the reason? Thanks, Paul
_______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
