[justjohn]

I always thought that the problem with openID is they didn't use email addresses instead of URLs. e.g. use john@example.com and require a certain url template for the endpoint e.g. example.com/openid/john

That way I don't have to remember another identifier and we already trust at least part of our identity to our email provider. Not perhaps as open, but much more approachable as a user.

[milkmiruku]

Webfinger - http://en.wikipedia.org/wiki/Webfinger - was created for e-mail-as-OpenID-login. I don't know why it hasn't taken off though.

[xp84]

Hate that idea. I don't want to have to share my email address, in fact that's a primary reason why I always use my open ID (which is unrelated) when possible. Providing email as a credential creates an implicit, if not explicit, invitation "Here, spam me." This is why I'm generally against using email as an identifier.

Other examples that all suck for this reason: Apple IDs. Windows Live ID. Jabber.

[MattJ100]

> Other examples that all suck for this reason: Apple IDs. Windows Live ID. Jabber.

Erm, to clarify, Jabber isn't an authentication system. It's a decentralized IM network, structured similarly to email. A user is identified by their username on a given host, just like email. It (sensibly, in my opinion) re-uses the same format for that, user@host (I don't think user!host would be quite as intuitive...).

This does not mean a Jabber ID is an email address. It can be, but they are two distinct properties of any given identifier. So saying it 'sucks' because of the format of its identifiers happens to look like an email address, and some services choose to enable both email and IM on the same ID, is stretching it a bit.

[slowpoke]

>This does not mean a Jabber ID is an email address.

Though on many mail providers these days, it's the other way round that's true. A lot of people use GMail, but few realize that this means they also have a JID (Jabber ID) and can use XMPP, since Google opens their servers.

It's a shame, really. Google seriously missed a chance to kill all of the mess of a thousand and one IM providers (each with their own, proprietary protocol) and replace it with the open and partially decentralized XMPP protocol, which anybody can implement and run.

[rbanffy]

The identifier doesn't have to be a real email, much less your main address - it's just an identifier and a provider.

[notatoad]

I've got like 15 email addresses. I keep some of them private. There's no reason to give out your primary email address to every site that asks for it, just an email address.

[slowpoke]

I use throwaway email providers on most websites, like 10minutemail.com or fakeinbox.com. Works wonders against spam. My real email(s) are only used when it's really required.

[aconbere]

This problem is tough to imagine with jabber where you control access through your roster.

That is. They would then have to ask you permission to spam you.

[drivebyacct2]

How do people operate in the 21st Century internet treating their email address as private? I've never been reserved about giving out my email address and I've never had a spam or harassment problem. Ever.

[lrobb]

Back in "the day", users were bombarded with warnings to never give out their email address, lest something bad happen... at one point in time, if you did post your email publicly, it would quickly become unusable as the spam tools & regulations were way behind the spammers. I'm sure there's still a huge contingent out there afraid of putting their email into the wild.

[davidblair]

Perception is far more important than reality.

When online sales first took off, credit card theft was a huge concern. Even though nothing would go wrong for the vast majority of people fear was enough to make users and vendors go to great lengths to protect data. Not a perfect analogy but conceptually similar.