Alternative to OpenID

I’ve never been a big fan of OpenID; it feels like an interesting solution to a problem, but not the solution that makes sense.  For starters, it requires me to learn something new, which as an “average” user I don’t want to do.

Quick education for those not familiar with OpenID.  OpenID allows you to have a single digital identity that enables you to log into multiple websites using one ID and password.  This means that when I find myself at a signin/signup form I can enter koblas.example.com (it could be as nasty as https://me.yahoo.com/a/nDvVG6521ORdniQiNkMGjNXR3g–) as my identity.

From a practical standpoint it doesn’t make sense to have a second ID (or third, fourth, etc.) in the universe.  I’ve started “enjoying” websites which have given up on the USERNAME concept and just let me use an email address and password to signup/signin.   Now we’re drifting into an interesting world.

What I would like to see is my email address being my unique identifier; after all, you’re going to send the account confirmation message there, I’m going to have to confirm it, etc. etc.  Products like […] are starting to show up and claim ownership of my identity.  Why not use email and DNS to take over for OpenID?

Here’s a proposed flow:

  • User is at the signin page
  • Enters koblas@example.com
  • DNS query is sent to lookup the “AUTH” record for ‘example.com’
  • result is authhost.example.com
  • Two choices at this point – either handshake à la OpenID or Facebook Connect — OR — have a DNS based auth lookup [the bias is to OpenID]
  • Now pop the user over to authhost.example.com with some arguments to authenticate
  • Return to mysite with cookies and tokens for their continued session.
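
The relying-party side of the flow above, as an added example that is not code from the original post. The “AUTH” record is the post’s proposal and not an existing DNS record type, so the lookup is a constructed in-memory table; the `/auth` path, the `identity`, `return_to` and `state` parameter names and the `mysite.example` return URL are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

# Constructed stand-in for DNS. "AUTH" is the post's hypothetical record type;
# a real deployment would need a TXT/SRV convention, and the answer is only
# trustworthy if it is DNSSEC-validated (a spoofed answer picks the auth host).
AUTH_RECORDS = {"example.com": "authhost.example.com"}

SESSION_KEY = secrets.token_bytes(32)  # relying-party secret used to sign state


def split_email(identifier):
    """Split the identifier on the last '@' and normalise the domain."""
    local, sep, domain = identifier.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError("identifier must be an email address")
    return local, domain.lower().rstrip(".")


def lookup_auth_host(domain, records=AUTH_RECORDS):
    """Return the auth host published for the domain, or fail closed."""
    host = records.get(domain)
    if host is None:
        raise LookupError(f"no AUTH record for {domain}")
    return host.lower().rstrip(".")


def _state_mac(nonce, identifier):
    msg = f"{nonce}|{identifier}".encode()
    return hmac.new(SESSION_KEY, msg, hashlib.sha256).hexdigest()


def begin_signin(identifier, return_to):
    """Resolve the auth host and build the URL the user is sent to."""
    _, domain = split_email(identifier)
    host = lookup_auth_host(domain)
    nonce = secrets.token_urlsafe(16)
    # Bind the nonce to the identifier so a response issued for one account
    # cannot be replayed to sign in as another.
    state = f"{nonce}.{_state_mac(nonce, identifier)}"
    query = urlencode({"identity": identifier, "return_to": return_to, "state": state})
    return f"https://{host}/auth?{query}"


def state_is_valid(state, identifier):
    """On return to the site, check the echoed state before creating a session."""
    nonce, sep, mac = state.partition(".")
    if not sep:
        return False
    return hmac.compare_digest(mac.encode(), _state_mac(nonce, identifier).encode())
```

The signed `state` only ties the response to a request this site issued; the assertion coming back from the auth host still needs its own verification, as in the OpenID handshake the post favours.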

Best part is that I don’t have to remember a new identifier; DNS handed out the identifier to complete the transaction.  You’re now going, “but this will put the control of all identities into the hands of a few.”  Sort of, but you can also think about it from the stance that if Facebook were to have “public” email then you could use example@facebook.com as an identity for use on other sites.  They get the benefit that part of the authentication contract is that example@facebook.com is a deliverable email address to communicate with you at.