identity as a URL instead of an email? hrmmmm

S. Alexander Jacobson alex at
Mon Apr 3 17:39:43 UTC 2006

On Mon, 27 Mar 2006, Martin Atkins wrote:

> However, if your common case is using, then what you've created
> is little better than MSN Passport; the entire system is dependent on
> one domain which is itself controlled by one entity. If you go away or
> turn evil, the whole system comes crashing down.

My actual theory here is that users want services from member sites 
and member sites need identity to provide those services so it is 
member sites that are market for identity systems not end-users.

Different member sites need may need different things from their 
identity providers.  So I expect multiple providers to 
compete to provide services to member sites.

As a personal matter, I don't want to be in the business of being an 
identity provider.  I am operating as such only because I 
need the functionality for some sites I am building and I want to show 
it can be done.

> Sure, at that point there is the option for people to set up their DNS
> to run it themselves, but there's still the problem that most users will
> be unable to bootstrap themselves without changing email address or
> switching to a more costly hosting plan.

No change of email address or costly hosting plan is required.  There 
is no reason a provider can't offer addresses that forward to 
the user's actual email address.

> OpenID as it currently stands has a few different identity providers
> (TypeKey, MyOpenID, vIdentity, LiveJournal, GreatestJournal, ...) but
> most importantly provides a layer of abstraction that allows users to
> switch between these without throwing away the identity: the "delegate"
> mechanism. This leaves us in a similar situation to you:
> * Users can take the "easy option" and have all of the hard work done
> for them if they want by signing up to an identity host.
> * With a little extra work, a user can set up a personalized layer of
> abstraction over a hosted identity, in a conceptually similar fashion to
> email forwarding.

OpenId as it currently stands forces the user to learn a new concept 
of identity and start using a different identifier than their email 
address.  The delegate mechanism for is for the 
provider to return an HTTP 302 Found to the member site.  The 
member-site can then re-try at the site delegated in the location 

> What OpenID is missing is a way for users who have never heard of OpenID
> nor distributed identity to "jump right in" without learning about it
> and having to choose an identity provider right off the bat. This, as I
> see it, is the main virtue of your system.


> I can't help but feel that there must be a middle road here somewhere. I
> suppose that the nice thing about asking for an email address is that
> there's always the fallback of just doing traditional email validation
> if all else fails, with no extra pain on the user's part.

And that is what does. does an email confirm the 
first time a site tries to authenticate a user (the "Contacting" 
response).  After that, member sites get the benefit of an 
authenticated user even if that user has never visited their site 


S. Alexander Jacobson tel:917-770-6565

More information about the yadis mailing list