OpenID, as a concept, holds great promise. And Portland—with OpenID proponents like Vidoop and JanRain—is home to some of the most promising thought in the application of that concept.
But the URL thing still trips folks up.
And that’s a known issue. Not everyone wants to use a URL to identify themselves. An email address makes more sense to some folks.
But there’s a problem. An email address isn’t exactly an “endpoint.” And there’s no way to hang other stuff off of an email address, like identity information or helpful code like XFN.
Still, from a usability standpoint, “using my email address to login” is about as common a practice as any on the Web.
So there needs to be a translation. Something that lets people use the credential they want, but allows folks to have the endpoint credential they need.
Roughly a month ago, Portland-based Vidoop released something designed to solve this problem: Emailtoid, a service that allowed folks to use an email address as their OpenID.
I thought Emailtoid showed a great deal of promise. But apparently, it wasn’t good enough.
Now, Vidoop’s Will Norris and Michael Richardson have helped take the concept of Emailtoid a step further by working on the development of a new spec. It’s a spec that may simplify the issue even further.
Introducing EAUT—pronounced “yute“—a distributed email address to URL translation that allows anyone to take the conversion from email address to OpenID URL and hide it behind the scenes of the transaction. With just a little bit of code.
Or, to let Vidoop explain EAUT more clearly:
In basic terms EAUT makes it easy to take an email address and transform it into an URL, making your email work with services like OpenID. The goal with Emailtoid is to demonstrate the technology and provide a fallback solution for a larger, decentralized network based on the EAUT specification.
What’s more, it’s decentralized. Meaning any email address—any email address—now holds the potential to become an OpenID:
EAUT is designed to work in a distributed fashion, so that no one authority controls it. Every email provider can control how email addresses at their domain are resolved into URLs.
So, now that bright and shiny new Emailtoid—instead of leading the charge—becomes the fallback service should this validation fail. According to plan.
Hopefully, the release of the EAUT spec continues to chip away at the barriers that are preventing major providers—providers that serve as relying parties but don’t allow users to login via OpenID—to move into the realm of becoming full-fledged OpenID supporters.
And in so doing, here’s hoping that EAUT helps accelerate the adoption of OpenID, a concept that today may only save headaches for a handful of geeks with innumerable logins, but which may one day serve as an open foundation for credentials and security on the open Web of the future.
Combining the power of OpenID with the ease of email addresses. And making it open and distributed.
This could be a thing of beauty.
To test drive it, try out the EAUT examples. For more information on the spec, see the Vidoop post or the EAUT site.