Backwards compatibility with existing identifiers

Mike Hearn mike at plan99.net
Wed Nov 2 15:22:15 PST 2005


Hi,

One obvious problem with OpenID as it exists today is that not many people
actually own a URL, but nearly everybody owns an email address. I see from
the archives that allowing usage of email addresses instead of URLs has
been raised but the discussion was inconclusive.

I think it'd be a good idea to:

 a) Map user at domain addresses to http://domain/openid/user type URLs,
    which can redirect to wherever is appropriate (possibly even
    myopenid.com)

 b) If the first mapping fails (ie, no compatible server answers) try
    again this time mapping user at domain to
    http://user.domain.mapper.openid.net/openid/user.

    This IMHO is essential for widespread OpenID deployment as it adds
    backwards compatibility with the existing infrastructure in which the
    email address is the canonical identity (almost all websites let you
    email your password to yourself), and it means that AOL/Hotmail users
    etc can log into websites using their existing address after
    going through a simple registration process with a generic OpenID 
    provider, (for instance hotid.com ;)

Yes it's centralised. Yes that's evil. Yes it's unclean. Backwards
compatibility often is. Nothing in this scheme stops people running their
own servers, or providing a URL instead of an email address if they wish
to, but for the majority of users who know that their email address
identifies them this scheme is probably more intuitive and lowers the
barrier to entry significantly (because it's no longer "oh god one more
username, that's the last thing I need).

Thoughts?

thanks -mike
    



More information about the yadis mailing list