On 02/12/2008, at 1:25 PM, Dirk Balfanz wrote:
Well, here is the scenario: I buy foobar.com for $3/year at
cheapdomains.com. I pay an extra dollar to have "email", which means
I tell them where I want my email forwarded. I pick [EMAIL PROTECTED]
to be forwarded to [EMAIL PROTECTED] I pay another extra dollar per
year for "web hosting", which means I get a web interface on
cheapdomains.com to create some web pages, which get served on www.foobar.com
. I set up a couple of pages there with pictures of my cats or
whatever and I am done.
I now also want to use my email address [EMAIL PROTECTED] as my OpenID
identifier [1] because I heard that that will end my having to
create ever-more accounts on the web. I am told that in order to get
that to work I need to host a page called "site-meta" on my site
with some weird-looking text in it that I don't understand. But,
hey, I know how to get that served off www.foobar.com so that's cool.
I have never heard of DNS.
Is that a use case we want to support?
Dirk.
[1] Let's assume that OpenID 3.0 and XRD 2.0 allow that and define
some way to discover OpenID endpoints from email addresses.
/site-meta on http://foobar.com/ doesn't (and can't, on its own) make
any authoritative assertions about mailto:[EMAIL PROTECTED]; even though
the authority is the same, the URI scheme is different.
I know this particular issue is an important one to the OpenID folks,
but there needs to be a very careful and broad discussion of allowing
policy and metadata from HTTP to be considered *automatically*
authoritative for other protocols.
--
Mark Nottingham http://www.mnot.net/
