
Simon Willison’s Weblog

A proposal: email to URL mapping. Brad’s just too damn smart. A simple solution to mapping an e-mail address to an OpenID that takes advantage of existing technology (YADIS) and doesn’t adversely affect e-mail privacy.

1 comment

  1. A bit too simple, I think, to map to all the network "layouts" currently permitted and used by smtp.

    No matter what, each email provider will have unique requirements for which machines will have both the ability to serve web requests and the ability to query the mail server's user database, so it's good that the first step is to attempt discovery of this machine's URL. But, his proposal isn't clear on which machine using the my-email-domain.com name is to be queried by YADIS. If it is querying the same machine as a web browser would do, it requires that whoever is in charge of the HTML for that web server take over the duties of the organization's DNS hostmaster, at least with respect to tracking the address of the IT department's email-URL mapping service, though I suppose this is a common problem, especially with web services that aren't "owned" by the web department. Further, it ignores (unusual) sites that run a webserver only at the address www.my-email-domain.com, or web... or squiggly... (with my-email-domain.com not responding to port 80 or not even having an A record). Or as a more common example, an email address like me@ny-branch.my-email-domain.com, which almost certainly won't have its own web server.

    If you're meant to query the MX host on the other hand, that means running a web server on your mail server, which will annoy quite a few IT departments and security folks. Plus, what about servers that have lower precedence MX records? They might just be there as store-and-forward backups and have no clue as to which users do or don't exist.

    That said, it's a simple solution for the way most personal sites are set up, especially those on shared webhosting, and I suppose that's 98% of openid providers (or early adopters at least). Since the problems can all be overcome by larger organizations, albeit with a great deal of trouble on their part, perhaps it's best to aim at the hobbyist market first and force the corporate world to hire consultants and purchase integration products if they want to join in. It's better than forcing the hobbyists to run LDAP servers providing a "web" service interface communicating through an XML format defined by a 500-page specification written to handle all the odd corner-cases of the 10 largest corporations on the committee. Or maybe we should all start using finger again.

    Anonymous - 8th February 2008 18:35 - #
