Dick Hardt wrote: > > On 20-Oct-06, at 10:14 AM, George Fletcher wrote: >> >> Of course, my expectation is that this syntax would be optional; the >> user can always specify their full URI identifier. >> >> I agree that this kind of an identifier is not portable, but I'm >> guessing that most users wouldn't know how to tweak their blog to add >> the necessary OpenID 1.1 HTML code to change their IDP. Most users, >> just use flickr for photos and if flickr supported OpenID, could >> potentially use some URI defined for them by flickr as an OpenID >> identifier. This identifier from flickr would not be very easily >> portable. > > My understanding of the proposal from David was that this was a way to > discover the user's IdP, not that the email was an identifier. > > -- Dick > Sorry to imply that email should be a valid identifier. That wasn't my intent. I'm fine with where this discussion is headed (and has headed in the past; after reading the old threads). For wide spread adoption it will be very important to have a "If you're not sure what to enter, click here" link on the login form to try and explain to users what they might be able to try as identifiers.
My comment was really trying to speak to the issue of identifier portability. Is there an OpenID definition for this? If I have an OpenID provided by SomeSite as http://george.somesite.com, then how is that identifier portable? For it to be portable, somesite.com would have to allow me to either (a) change the HTML code of my "public page" (though if I read the draft 2.0 spec correctly, the HTML method is deprecated) or (b) provide some mechanism where I could change the IDP service URL returned in the XRDS document. If somesite.com does not provide either of these mechanisms, then this identifier is not "portable". Also, the viability of my identifier may be dependent on the service. For instance, somesite.com may have a rule that says if I delete my SomeSite "account", then they will no longer authenticate my identifier. Of course, user choice always enters in and I can choose to not use that service as my OpenID identifier provider. The "i-names" infrastructure does solve some of this by focusing on the identity management issues. Though here I'm paying explicitly for this "portability" service (along with others). Thanks, George P.S. Should this discussion get moved to the "general" list? _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs