Martin Atkins (mart) wrote in apparentlymart,
Martin Atkins

Overloaded Identifiers

I was pleased to hear the other week that AOL were now supporting OpenID for all of their user accounts. However, I was hesitant to add my AOL OpenID identifier to sites like ClaimID and Jyte and didn't really know why. Having pondered it, I think I have the same reservations as I do about using my email address as an identifier: AOL identifiers are overloaded.

The problem is that my AOL identifier doesn't only identify me, it also identifies a mechanism for bugging me with unwanted messages.[1] Likewise, my email address identifies me but also identifies an endpoint for depositing junk mail. I also don't use my weblog URL as an OpenID identifier. Why? Because that's the identifier for my weblog, not for me.

My primary OpenID identifier, on other other hand, only identifies me. While it's true that there is a web page on the other end of it, it has little of use on it except information on how to authenticate me and a link to my weblog. You could say that these distinctions are tenuous and perhaps a little picky, but they are reservations all the same. I want to distinguish between myself, my email account, my AIM account, my Jabber account and my weblog. They all identify “me” in some sense, but my primary OpenID identifier is the only one that is only me.

[1] If you're really keen on communicating with me via IM, I'd much rather you use Jabber anyway. I maintain my AIM account only for backwards-compatibility with my legacy, deprecated friends.

Tags: openid

  • The next evolution for OpenID?

    This morning at IIW Dick Hardt presented his vision for solving the issue whereby a user is dependent on his OpenID provider being up and non-evil.…

  • HTML 5 vs. Yadis

    One of the ways that the Yadis specification allows for the XRDS document location to be declared is via the X-XRDS-Location header embedded via a…

  • Client Certificates: It's easy, man! recently added support for logging in with client certificates. I've heard people talking about client certificates lots of times, but…

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.