What if Email addresses were your OpenID's, ie. your OpenEmailID's?
1) As a user you don't have to learn anything new. You just continue to use your email addresses to log in anywhere like you almost always did.
2) Web sites can easily integrate OpenEmailID into their existing log in systems. eg. If Facebook were to implement OpenEmailID's there is really nothing much more it needs to do. If the authenticated OpenEmailID is an existing account thats the users account. If it does not exist it is a new account and Facebook can skip the email verification process, an obvious advantage.
Considering the above two points OpenEmailID's are really a no brainer.
Now let us see what is needed to implement this. Turns out we don't need anything more than what we already have!
If a web site requires email address Log in, chances are, 1 out 3 of its users, would be logging in with a Yahoo or Gmail account. These figures are based on email client statistics. I know you can argue this figure but it doesn't affect the overall argument.
When a web site detects a Yahoo or Gmail address it can not only get the user authenticated from that web site (via OpenID directed identity), it will also get a verified email address of the account. Google already supports this and Yahoo will be supporting this very soon.
In effect this is the Users OpenEmailID. So you already have it for one third of the cases. I expect AOL and Microsoft to support this in the near future. In effect this pretty much covers 80% of the email Users.
In the case of companies or individuals running their own email servers, they can very easily implement an OpenID 2.0 provider service on their domain. The software is available free as Open Source.
And that's not all. We don't even have to wait for Microsoft, AOL and the other companies. If a User does not have a Yahoo or Gmail account he can get an OpenEmailID for free from a number of Providers even now! He can create a Google account with his own Email address. He can create an OpenID account from one of the OpenID providers like myOpenID or MyVidoop. He can actually create an OpenEmailID at any provider who supports OpenID 2.0 and supplies a verified email address.
So if the user does not have a Yahoo or Google account a web site needs to ask if he has an account with any of the above providers. This has to be done once only, and the web site should save his account preference. And the web site should encourage the user to create an account at one of these sites.
All this can be done very easily, because there is nothing new to implement or invent here. It only requires some concerted effort from the open web community, providers and web sites.
We can very easily achieve the objective of a single sign on. One email one password. One OpenEmailID!
Posts
2 comments:
A lot of work has been done in the area of using identifiers for OpenID authentication aside from the standard http(s) URL... email addresses, telephone numbers, whatever. For email, we had an early spec called EAUT. It never really got off the ground, and a lot of what it described is being defined in the upcoming discovery specification, XRD. I'm not expecting XRD to define a profile for performing discovery on mailto: URIs, so that will be the only missing piece.
There you go! You say mailto: URI's will not be supported. So what use is it going to be?
Unfortunately we the community, in our idealism are not willing to see the writing on the wall, and refuse to accept the fact that the horse has bolted from the barn long back.
This only makes the case for an OpenEmailID stronger.
Post a Comment