identity as a URL instead of an email? hrmmmm

Lukas Rosenstock inbox at lukasrosenstock.net
Thu Mar 23 09:09:23 UTC 2006


Am 23.03.2006, 09:32 Uhr, schrieb Martin Atkins <mart at degeneration.co.uk>:

> Harry Heymann wrote:
>>
>> So why make my identity a URL?  I know there are technical reasons for
>> this, but ultimately I don't really care about them in the face of the
>> kind of user confusion this will create.

Why should users be confused? I'd say they are not confused with the type  
of identifier they have to give but with the concept of SingleSignOn  
itself. Usually they know that when they come to a certain site they click  
Register, enter a bunch of data about themselves including their  
e-mail-adress. For logging on again some sites use the e-mail as  
identifier but there are as many sites who take a self-chosen username or  
a numeric id. If they have to learn that they can use one single  
identifier token on every site they can as well learn that this is not an  
email-adress.

> The most common issue with this is that people *don't want* to tell
> others their email address just to access some site, because email is
> tricky to reliably filter should someone start sending you loads of crap
> you don't want.

This is correct and might even further enhance acceptance of OpenID  
because users know what they are doing and that this will not make them  
receive spam (unless someone implements a Yadis service for  
unauthenticated messaging ...).

> I think in the long term the XRID people would like their own crazy
> brand of URI to become the identifier. XRID can be a layer atop URLs, so
> if they have success with that then a future version of OpenID (or, more
> likely, YADIS) will be able to use these instead of URLs. For now, we're
> stuck with URLs.

Theoretically this is already possible today. Let's see how fast it  
spreads.

>
> This is irrelevant most of the time because users don't need to know
> that what they're entering is a URL. LiveJournal users just get told to
> put in "username.livejournal.com"; they don't need to know nor care that
> this is the URL to their journal.

But we should tell them. I think even a non-techie can understand that  
OpenID works by "looking at your site and find something invisible to you  
that tells them how to identify you".

Regards,
  Lukas


More information about the yadis mailing list