> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Martin Atkins > Sent: Friday, November 10, 2006 2:41 AM > To: [EMAIL PROTECTED] > Subject: Re: [PROPOSAL] Handle "http://[EMAIL PROTECTED]" Style Identifiers > > I provide email addresses to some of my friends, but I don't provide > them with corresponding OpenID identities. By an unfortunate twist of > fate, the domain I provide these addresses in is also my website, and > since my site doesn't require authentication the WWW-Authenticate header > is ignored. Consequently, http://[EMAIL PROTECTED]/ will end up > at *my* website, not the website of the person who uses > [EMAIL PROTECTED] >
Ok, so (just to clarify) in your example we're talking about an email address '[EMAIL PROTECTED]' that maps to a url at an IdP, such that the mapped URL includes the username ('http://[EMAIL PROTECTED]') [** just to be clear, this is David R's proposal...my proposal ignores the userid in the email address **] So, in your example, if you have given someone an email address with a domain 'mydomain.com', and you choose not to offer OpenId services, then emails in your domain can't be used with OpenId. I don't see the problem, -- you own the domain, after all, and should control that decision. Additionally, your scenario is also true in the case of a regular Identity URL that you give out. If you provide an Identity URL 'http://someuser.mydomain.com', but you happen to support some other User Centric Identity standard (i.e., not OpenId), and your user tries to use the URL that you provided (with an OpenId RP), he'd get the same result. _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs