against using user@host identifiers

Xageroth Sekarius xageroth at gmail.com
Thu Jun 2 18:22:07 PDT 2005 

I pretty much agree with your sentiment toward LID. I'm not entirely
sure there's a strict requirement that the page must be dynamic, tho,
it's been a while since I reviewed LID. If there really isn't much
different beyond that, using LID as a base would be advisable, no?

What did you not understand about my explanation of the alternate identifier?

Months before OpenID came along I conjured that alternate form to get
away from the ugliness of URL-based schemes. When OpenID came along, I
noticed there's really only one subtle difference between my method
and OpenID's and that's why I've mentioned it here when others pointed
out that straight URL's can get very ugly.

OpenID as it is:

User URL: http://id_host.com/users/jane/
Fetch HTML (or other) for: http://id_host.com/users/jane/
Follow LINK rel to identity services: http://id_host.com/cgi/service.pl

Alternate form:
User ID: jane~id_host.com
Fetch HTML (or other) for: http://id_host.com/
Follow LINK rel to identity services: http://id_host.com/cgi/services.pl

This only changes one thing: the user must use whatever identity
services their host uses. That may seem like a downside but really,
it's a non-issue. First of all, it will be a rare case that a
LiveJournal user will not want to use LiveJournal's identity services.
Secondly, even if they do wish to use an alternate service, it would
be bizarre for them to use LiveJournal as their identifier at that
point.

For example, I have a LiveJournal and Blogspot account, assume both
use OpenID. I can modify http://xageroth.livejournal.com/ to point to
my Blogspot identity services so that I can use that URL for my
OpenID, but why would I do that when Blogspot already provides me with
the identifier I need?

Arguments against the alternate form have been:

1) It breaks the glory of the URL-scheme, that a users blog becomes
their identity.

Point well taken, but it doesn't seem wrong to do both URL's and short
form. It's been simple to develop proxy's between these differing
ideas already so it doesn't seem impossible to convert the short form
into a persons blog somehow. Also a persons blog (which some people
have more than one of) is not their identity, it is an attribute of
their identity and, imho, should be treated as such. An attribute
which is retrievable by query to their identity services. The
advantage to this is it allows for scenerios where a person can say
"Hmm.. I don't mind my boss using my OpenID to retrieve my e-mail
address, but I don't really want to hand him the blog I make fun of
him on." Access to that blog attribute can be denied by the user from
that point.

2) It's weird / people won't get it / it's not supported by all keyboards

People catch on to whatever syntax you give them. The e-mail address
wasn't obvious to anyone when they first saw it. As far as I know it
is supported by most international keyboards, but if the character
chosen is a problem, change it. It can't be an @ for a huge number of
reasons I won't bother listing.

If nobody likes this idea, I totally understand. It is somewhat of a
shift away from using a URL as your identifier. So if using a
combination of the two and using it at all is not desirable, I don't
mean to sound like I'm pushing this on anyone. I'm not counting on it.

More information about the yadis mailing list