Hey David, Thanks for your ideas. Some more thoughts below.
> -----Original Message----- > From: David Nicol [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 09, 2006 6:49 PM > To: David Fuelling > Cc: Martin Atkins; specs@openid.net; [EMAIL PROTECTED] > Subject: Re: [PROPOSAL] Handle "http://[EMAIL PROTECTED]" Style Identifiers > > On 11/9/06, David Nicol <[EMAIL PROTECTED]> wrote: > > http://[EMAIL PROTECTED] (cool addy, btw) certainly > won't get anyone to David Fuelling's home page, now or in any likely > future. > True, http://[EMAIL PROTECTED] won't get anyone to my homepage...but it would get me to my IdP (assuming Google was my IdP, and offered such a scheme). > Ideas: > > (1) define a way to include an e-mail address among the things obtainable > with an OpenID authentication, and a transform to provide a default when > none is declared > I think the OpenID Simple Registration Extension will provide for this (If I understand what you're meaning) http://openid.net/specs/openid-simple-registration-extension-1_0.html > (2a) declare that OpenID does not do e-mail based authentication and never > will > I hope this can get some more debate in some form or fashion. :) > (2b) name some other mechanism for e-mail based authentication and include > it by reference, blessing said method by so doing. > I think that all this discussion about email userid is moving us off track. My original proposal was that the email maps/normalizes to a URL of an IdP (the userid is ignored/not used). So, '[EMAIL PROTECTED]' would be treated as if the User had entered 'http://any.edu' (the URL of their IdP/OP) into the OpenId login form. Once the user agent is redirected to the 'any.edu' IdP, the IdP would be responsible for figuring out which user is trying to login to the IdP (this is already allowed by OpenId since we can enter a homesite/IdP/OP URL into the login form). The OP might authenticate me by biometric (voice, fingerprint, DNA Sample, etc), or some other scheme, making the username portion of my email irrelevant. Just to be clear, I'm **not** advocating that an email get transformed into a URL that includes the userid of the email (although, I'd be open to entertaining the notion). _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
