identity as a URL instead of an email? hrmmmm
S. Alexander Jacobson
alex at alexjacobson.com
Mon Apr 3 17:39:43 UTC 2006
On Mon, 27 Mar 2006, Martin Atkins wrote:
> However, if your common case is using pass.net, then what you've created
> is little better than MSN Passport; the entire system is dependent on
> one domain which is itself controlled by one entity. If you go away or
> turn evil, the whole system comes crashing down.
My actual theory here is that users want services from member sites
and member sites need identity to provide those services, so it is
member sites that are the market for identity systems, not end-users.
Different member sites may need different things from their
identity providers. So I expect multiple pass.net providers to
compete to provide services to member sites.
As a personal matter, I don't want to be in the business of being an
identity provider. I am operating pass.net as such only because I
need the functionality for some sites I am building and I want to show
it can be done.
> Sure, at that point there is the option for people to set up their DNS
> to run it themselves, but there's still the problem that most users will
> be unable to bootstrap themselves without changing email address or
> switching to a more costly hosting plan.
No change of email address or costly hosting plan is required. There
is no reason a pass.net provider can't offer addresses that forward to
the user's actual email address.
> OpenID as it currently stands has a few different identity providers
> (TypeKey, MyOpenID, vIdentity, LiveJournal, GreatestJournal, ...) but
> most importantly provides a layer of abstraction that allows users to
> switch between these without throwing away the identity: the "delegate"
> mechanism. This leaves us in a similar situation to you:
> * Users can take the "easy option" and have all of the hard work done
> for them if they want by signing up to an identity host.
> * With a little extra work, a user can set up a personalized layer of
> abstraction over a hosted identity, in a conceptually similar fashion to
> email forwarding.
OpenID as it currently stands forces the user to learn a new concept
of identity and start using a different identifier than their email
address. The delegate mechanism for Pass.net is for the pass.net
provider to return an HTTP 302 Found to the member site. The
member-site can then re-try at the site delegated in the location
header.
> What OpenID is missing is a way for users who have never heard of OpenID
> nor distributed identity to "jump right in" without learning about it
> and having to choose an identity provider right off the bat. This, as I
> see it, is the main virtue of your system.
Exactly.
> I can't help but feel that there must be a middle road here somewhere. I
> suppose that the nice thing about asking for an email address is that
> there's always the fallback of just doing traditional email validation
> if all else fails, with no extra pain on the user's part.
And that is what Pass.net does. Pass.net does an email confirm the
first time a site tries to authenticate a user (the "Contacting"
response). After that, member sites get the benefit of an
authenticated user even if that user has never visited their site
before.
-Alex-
______________________________________________________________
S. Alexander Jacobson tel:917-770-6565 http://alexjacobson.com
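
The 302 delegation described in the message above, seen from the member site's side, as an added example that is not part of the original post and not Pass.net code. The host names, paths, the `user` parameter, the hop limit and the HTTPS-only rule are assumptions, and the responses are constructed stand-ins for real providers.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 5  # assumed limit; the post does not specify one


class DelegationError(Exception):
    """Raised when a delegation chain cannot be followed safely."""


def resolve_delegation(start_url, fetch, max_hops=MAX_HOPS):
    """Follow 302 delegations from a provider until a non-302 answer arrives.

    fetch(url) -> (status, headers, body) is supplied by the caller, so the
    member site controls timeouts and never auto-follows redirects itself.
    Returns (final_url, status, body).
    """
    url, seen = start_url, set()
    for _ in range(max_hops + 1):
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            raise DelegationError(f"refusing non-HTTPS delegate: {url}")
        if url in seen:
            raise DelegationError(f"delegation loop at {url}")
        seen.add(url)
        status, headers, body = fetch(url)
        if status != 302:
            return url, status, body
        location = headers.get("Location")
        if not location:
            raise DelegationError(f"302 without Location from {url}")
        url = urljoin(url, location)  # Location may be relative
    raise DelegationError(f"more than {max_hops} delegations")


# Constructed responses standing in for providers (hypothetical hosts and paths).
SAMPLE = {
    "https://provider-a.example/auth?user=alice": (302, {"Location": "https://provider-b.example/auth?user=alice"}, ""),
    "https://provider-b.example/auth?user=alice": (200, {}, "Contacting"),
    "https://loop.example/a": (302, {"Location": "/b"}, ""),
    "https://loop.example/b": (302, {"Location": "/a"}, ""),
    "https://downgrade.example/auth": (302, {"Location": "http://plain.example/auth"}, ""),
}


def sample_fetch(url):
    return SAMPLE[url]
```

Passing `fetch` in keeps redirect handling explicit: an HTTP client that follows redirects on its own would skip the scheme, loop and hop checks.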