identity as a URL instead of an email? hrmmmm

S. Alexander Jacobson alex at
Sun Mar 26 20:05:15 UTC 2006

On Sun, 26 Mar 2006, Martin Atkins wrote:
> How can someone who uses, for example, a email address make
> use of your system without Hotmail's co-operation? Loads of people have
> hotmail addresses.

To be clear, my main complaint about openId/yadis/sxip is that they 
require adoption by both users AND membersites to get going.  And the 
user-education/adoption story for them felt highly unrealistic.  One 
of my goals for was to eliminate the explicit 
user-adoption/education component.

So, with, it is the "member site" that decides whether or not 
to support the protocol.  If the user's email domain doesn't yet do 
its part, then the member site can default to a shared
protocol email address authentication provider. is providing this public service right now.  I am currently 
working on a few projects that will use for authentication in 
the absence of user domain support when they go live. As such, I've 
tried to make's authentication service as transparent as 
possible from a user perspective, but if someone else can do it 
better, I'd be happy to use their service instead (Hey Dick, Sxip has 
a lot of infrastructure for this sort of thing already built.  Hint!)

The point of the subdomain thing is to let users who want 
more control, choose a domain that provides it.  In the worst case, 
they get an address at a domain that provides the control they want 
and have it forward to their actual email account somewhere else.  So, 
in the worst case, it is logistically no different from signing up for 
a homesite.  However in the average case it is A LOT simpler because 
they don't even notice that it is happening.

>> FYI, I serve out XML w/ stylesheet PIs to mozilla and IE because they
>> can handle it.  I do XSLT server side for lynx/konqueror/safari/opera
>> which can't. If you have a serious objection to this approach or an
>> explanation for how it relates to this discussion, I would love to hear
>> it.  If you are just blowing off steam, perhaps you might try going to
>> the gym.
> I only noticed it because your server served it to my Opera browser,
> which of course didn't work and left me with a blank page. Obviously
> something has gone wrong somewhere. You might want to look into that.

Yeah, I had a bug in the user-agent detection code a while ago, that I 
thought I fixed.  It is working for me when I use opera.  Are you 
still seeing XML rather than HTML?

>>> makes me think that this is someone who hasn't quite grasped the
>>> current realities of the network, which was also the first thing I
>>> thought when I saw this "magic DNS" approach.
>> Care to elucidate what "current realities" of which "network" bear on
>>  Or what is "magical" about creating a subdomain.
> Current issues that relate to your implementation:
> * Most users have no or little control over the domain that hosts their
> email, either because someone else provides their email or because their
> vanity domain provider only provides email forwarding services without
> additional fees.

See above re optionality.  To be clear, nothing stops users who 
actually care from moving their forwarding domain to a DNS provider 
that supports subdomains.  Or from getting an address at a domain that 
gives them the authentication/control they want.  The point is that we
don't impose costs on users who don't care.

> * Introducing new technologies that require big companies to buy in
> before they can work are rarely successful. What incentive does Hotmail
> have to play with you? If you want your solution to gain more than a
> handful of users you need to allow users to bootstrap themselves in
> spite of their provider as OpenID does.

Again, support from the email domain is optional.  I think that sites 
like Hotmail will want to provide this service to their users because 
I think there are revenue opportunities for them in doing so, but, 
again, adoption is really up to member-sites not mail domains.

> * Your system will probably require people to change their email
> addresses until such a time as every possible email provider also
> provides services. I'd guess most people don't want to change
> their email addresses just to try some crazy new identity scheme.

Again, nothing stops a user who really cares from using a different 
email address for authentication and having it forward to their actual 
email address.  But that is entirely optional.  And again, in the 
worst case, it is still easier than homesite and in the average case 
it is substantially better.

> Of course, others may have a different point of view on these issues.
> Despite my reservations, I wish you luck with your idea. Hopefully
> eventually one of these crazy single sign-on schemes will catch on; my
> money is on the one that has the lowest barrier of entry to users.



S. Alexander Jacobson tel:917-770-6565
