[OT] Re: User @ domain.tld as ID (Once again)

Rasqual Twilight oid at rasqual.silk.com
Thu Nov 3 05:02:04 PST 2005

On 11/3/05, Christopher E. Granade wrote:
> Please excuse this incredibly off-topic post, but just wanted to respond
> to some things about homogenity of the user at domain idiom.
> (...)
> Note that I don't advocate OID support for user at domain idioms, but I
> will point out that if it is found to be useful to implement this, one
> could do it by asking the domain for a URL for that user. For example:
> - --> GET http://example.com/?oid=joeuser
> <-- REDIRECT http://www.example.com/~joeuser/
> Again, this kind of approach would be simple to do with mod_rewrite.
> Also, I would like to remind that this example was only how to do it,
> not an advocacy that it be done.
> - --Chris

Now *that* sounds better than having the mailto-like URI map to a
centralized server.
The redirect page could then contain indeed a delegation for another
URL, if example.com does not run an OpenID server, or if the user
wants to override it in her preferences.

One inconvenience I see for OpenID URIs tied to an email address is
how vulnerable to spam they become. A crawler bot would just have to
spider large communities such as SlashDot, crop IDs for TLDs known to
tie foo at example.org (mbox) and foo at example.org (OpenID) URIs, then
workaround <at>, (dot), and so on, obfuscation systems to finally
register your email in their database.

Another disadvantage is, you would have to modify the
index.ph|pl|<py|insert your processor here> to handle the oid case. In
this regard, a more discreet URL component would be the /_openid/
mentioned previously.


More information about the yadis mailing list