Santosh,

Why not store the claimed ID in the webfinger (LRDD) XRD document?

The objective, I would hope, is to make it easier to log into web sites. Email-style identifiers make that easier, but the system does not have to be built around those.

So, I sign up with a service provider. Let's just use my own site as an example. I am assigned an email address [email protected]. Behind the scenes, I am also assigned an OpenID ID http://openid.packetizer.com/paulej.

Now, when I visit a web site, I can type '[email protected]' and the site can perform a webfinger query to discover my OpenID ID. We would define a link relation (something we've talked about before) that represents openid. It could be http://openid.net/identity or it could be simply "openid" (since link relations need not be URIs). Looking at the href of the "openid" link relation, one would find my OpenID URI http://openid.packetizer.com/paulej.

Now, should I wish to have a different email provider than my openid provider, that's fine: I could change the record associated with the openid link relation to contain a different OpenID identifier. Alternatively, I could just get an account at someopenidop.com and they might assign an e-mail style address like [email protected] and perform the Webfinger resolution behind the scenes.

Anyway, issue this request:

  $ curl http://www.packetizer.com/lrdd/?uri=acct:[email protected]

You'll see the link relation for my claimed ID:

  <Link rel="http://openid.net/identity" href="http://openid.packetizer.com/paulej"/>

It does introduce another protocol, but I think these play nicely together. The real identity would remain the URL that OpenID uses today. The email identifier would just be an alias for it.

Paul

From: Santosh Rajan [mailto:[email protected]]
Sent: Tuesday, May 11, 2010 12:39 PM
To: Paul E. Jones
Cc: Mike Jones; [email protected]; [email protected]; [email protected]
Subject: Re: Draft charter for v.Next Attributes working group

On Tue, May 11, 2010 at 8:55 AM, Paul E. Jones <[email protected]> wrote:

> Adding support for email-style addresses is something I like, but something that can be provided via webfinger. Thus, no change to the base protocol.

I beg to disagree here. I think the base protocol needs to address the issue of email-like identifiers. I would like to see that email-like identifiers are valid OpenID claimed IDs. So something like acct:example @ example.com should be a valid OpenID claimed_id.

Also this discussion should not be in this thread (about attributes) and maybe someone could start a new thread on this subject.

Thanks
Santosh
http://hi.im/santosh
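Added example, not part of the thread or of any OpenID or webfinger implementation: a relying-party check that takes the XRD returned for an email-style alias and extracts the claimed ID from the `http://openid.net/identity` link relation shown in Paul's message. The sample document, the account `acct:user@example.com`, the function name `resolve_claimed_id`, the requirement that `<Subject>` echo the queried account, and the rejection of multiple openid links are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
OPENID_REL = "http://openid.net/identity"  # link relation quoted in the message

# Constructed sample response. Only the openid Link element comes from the
# message; the account name and the other link are made up for the example.
SAMPLE_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>acct:user@example.com</Subject>
  <Link rel="http://example.com/rel/other" href="http://example.com/user"/>
  <Link rel="http://openid.net/identity" href="http://openid.packetizer.com/paulej"/>
</XRD>"""


def resolve_claimed_id(xrd_text, queried_acct):
    """Return the OpenID claimed ID that the XRD maps queried_acct to.

    Raises ValueError when the document cannot be trusted as an answer.
    """
    # Refuse DTDs outright so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xrd_text or "<!ENTITY" in xrd_text:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(xrd_text)
    if root.tag != XRD_NS + "XRD":
        raise ValueError("not an XRD document")
    # Assumption: the provider echoes the queried account in <Subject>.
    subject = (root.findtext(XRD_NS + "Subject") or "").strip()
    if subject != queried_acct:
        raise ValueError("Subject does not match the queried account")
    hrefs = [link.get("href", "") for link in root.findall(XRD_NS + "Link")
             if link.get("rel") == OPENID_REL]
    # Policy choice of this example: an ambiguous answer is rejected.
    if len(hrefs) != 1:
        raise ValueError("expected exactly one openid link")
    parts = urlsplit(hrefs[0])
    # The claimed ID must be an ordinary web URL, as OpenID uses today.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("claimed ID is not an http(s) URL")
    return hrefs[0]


if __name__ == "__main__":
    print(resolve_claimed_id(SAMPLE_XRD, "acct:user@example.com"))
```

The returned URL, not the email-style alias, is what the relying party would carry into OpenID as the claimed ID.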
