> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Martin Atkins
> Sent: Friday, November 10, 2006 2:41 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [PROPOSAL] Handle "http://[EMAIL PROTECTED]" Style
Identifiers
>
> I provide email addresses to some of my friends, but I don't provide
> them with corresponding OpenID identities. By an unfortunate twist of
> fate, the domain I provide these addresses in is also my website, and
> since my site doesn't require authentication the WWW-Authenticate header
> is ignored. Consequently, http://[EMAIL PROTECTED]/ will end up
> at *my* website, not the website of the person who uses
> [EMAIL PROTECTED]
>
Ok, so (just to clarify) in your example we're talking about an email
address '[EMAIL PROTECTED]' that maps to a url at an IdP, such that
the mapped URL includes the username ('http://[EMAIL PROTECTED]')
[** just to be clear, this is David R's proposal...my proposal ignores the
userid in the email address **]
So, in your example, if you have given someone an email address with a
domain 'mydomain.com', and you choose not to offer OpenId services, then
emails in your domain can't be used with OpenId. I don't see the problem,
-- you own the domain, after all, and should control that decision.
Additionally, your scenario is also true in the case of a regular Identity
URL that you give out. If you provide an Identity URL
'http://someuser.mydomain.com', but you happen to support some other User
Centric Identity standard (i.e., not OpenId), and your user tries to use
the URL that you provided (with an OpenId RP), he'd get the same result.
_______________________________________________
specs mailing list
specs@openid.net
http://openid.net/mailman/listinfo/specs
