.

Tag: url

The Beauty of EAUT (Email Address to URL Translation)

Rick Turoczy on July 22, 2008

OpenID, as a concept, holds great promise. And Portland—with OpenID proponents like Vidoop and JanRain—is home to some of the most promising thought in the application of that concept.

But the URL thing still trips folks up.

And that’s a known issue. Not everyone wants to use a URL to identify themselves. An email address makes more sense to some folks.

But there’s a problem. An email address isn’t exactly an “endpoint.” And there’s no way to hang other stuff off of an email address, like identity information or helpful code like XFN.

Still, from a usability standpoint, “using my email address to login” is about as common a practice as any on the Web.

So there needs to be a translation. Something that lets people use the credential they want, but allows folks to have the endpoint credential they need.

Roughly a month ago, Portland-based Vidoop released something designed to solve this problem: Emailtoid, a service that allowed folks to use an email address as their OpenID.

I thought Emailtoid showed a great deal of promise. But apparently, it wasn’t good enough.

Now, Vidoop’s Will Norris and Michael Richardson have helped take the concept of Emailtoid a step further by working on the development of a new spec. It’s a spec that may simplify the issue even further.

Introducing EAUT—pronounced “yute“—a distributed email address to URL translation that allows anyone to take the conversion from email address to OpenID URL and hide it behind the scenes of the transaction. With just a little bit of code.

Or, to let Vidoop explain EAUT more clearly:

In basic terms EAUT makes it easy to take an email address and transform it into an URL, making your email work with services like OpenID. The goal with Emailtoid is to demonstrate the technology and provide a fallback solution for a larger, decentralized network based on the EAUT specification.

What’s more, it’s decentralized. Meaning any email address—any email address—now holds the potential to become an OpenID:

EAUT is designed to work in a distributed fashion, so that no one authority controls it. Every email provider can control how email addresses at their domain are resolved into URLs.

So, now that bright and shiny new Emailtoid—instead of leading the charge—becomes the fallback service should this validation fail. According to plan.

Hopefully, the release of the EAUT spec continues to chip away at the barriers that are preventing major providers—providers that serve as relying parties but don’t allow users to login via OpenID—to move into the realm of becoming full-fledged OpenID supporters.

And in so doing, here’s hoping that EAUT helps accelerate the adoption of OpenID, a concept that today may only save headaches for a handful of geeks with innumerable logins, but which may one day serve as an open foundation for credentials and security on the open Web of the future.

Combining the power of OpenID with the ease of email addresses. And making it open and distributed.

This could be a thing of beauty.

To test drive it, try out the EAUT examples. For more information on the spec, see the Vidoop post or the EAUT site.

Email to ID: My OpenID is an email address

Rick Turoczy on June 20, 2008

Email to ID from VidoopOh boy. He’s on that OpenID soapbox again.

Look. You’re in Portland. Arguably the de facto hub of OpenID. So it happens. The OpenID soapbox is literally right here. I can jump on it at practically any time.

So yes, I’m talking about OpenID, again.

But this time, I think even the staunchest critics will find the discussion interesting. Because it solves a very common complaint.

You see, once you get past initial objections surrounding OpenID and the “we should push the value, not the technology” discussion—once you get into actually trying to convince people to use OpenID as a form of credential for online services—one criticism tends to pop up time and time again…

Why is OpenID a url? Why can’t OpenID be an email address?

Why does this complaint come up so much? Because email passes the “mom ‘n’ pop” test. As in mom ‘n’ pop are growing increasingly comfortable with the idea of having an email address. They “get it.” And they’re far more comfortable managing that type of address than they are managing a url.

Long story short, email seems easier to grasp.

And we’ve been so conditioned to plug an email address into the “username” box, that it’s almost becoming second nature.

So the conversation always, always, always comes around to “What if logging in with OpenID were as easy as logging in using your email address?

If only! If only someone, somewhere could put some of the leading minds together with some brilliant developers and get this thing figured out. I mean, maybe like Chris Messina and Will Norris. Maybe get Scott Kveton and Scott Blomquist in there. And that Michael Richardson is a pretty sharp developer.

I mean, if someone could manage to put a team like that together… I’m sorry. What? Really? Really? Vidoop? They all work for Vidoop? Oh. Well. That would probably explain this then….

Enter Email to ID, a new service from the folks at Portland-based Vidoop. (And yes, this is the thing they’ll be demoing at Beer and Blog this evening.)

How does Email to ID work?

The concept is simple. And congruent with current OpenID logins.

One box. One credential to enter. The basic difference being that you’re using an email address instead of url.

So how do you validate that you are who you say you are? Well, there are a couple of ways.

If you don’t have know that you already have an OpenID, you can just use your email address and Email to ID will create an OpenID association for you.

The first time you sign into a new site, Email to ID will send a validation code to that email account. (Much in the same way CAN-SPAM encourages people to confirm their membership on email lists.) Using the code, you can validate that the email address is, in fact, yours and that you are who you say you are.

If you’re already a typical OpenID user, you can associate your existing OpenID(s) and relying parties with an email address. This allows you to use the inherent security features of your relying party instead of having to check your inbox every time you want log into a new site.

Technically, what’s Email to ID doing?

Okay. I can see you geekily salivating over there. But I’m not going to try to explain it. Instead, I’ll let the people doing the work explain that:

Emailtoid is a simply a mapping service – we take a GET request to our mapper ( eg, http://emailtoid.net/mapper?email=jane@example.com ) and return an HTTP redirect (a 302) to an OpenID. If the email address is not in our system, we create an OpenID account for the user on the fly. The user logs into the OpenID account by verifying his or her email address through a one time URL or confirmation code sent to that email address. The RP (relying party, the site that originally sent the request) then has the user returned to it.

Get it? Good. Explain it to me sometime.

All I care about is that it works. And it does. Quite gracefully. And that is technology as it should be.

So is OpenID “mainstream” now?

I don’t know that making OpenID mainstream should even be a goal. But I do know that making services and technologies more useful to the general populous should.

“Basically, OpenID is great, it’s a wonderful technology, but it can be a bit confusing to the end users,” said Richardson, lead developer for Email to ID. “Users are already trained to use email as an identifier, so this bridges the gap between email and OpenID.

“Ideally, this service will go away as all top level domains will implement their own mapping. But until that time, we provide a way for sites to have people to use OpenID through their email address. The barrier of entry into OpenID is significantly lower.”

Conceptually, this service marks a huge step forward for “bending the OpenID technology to the needs of the common user.” And as such, it could definitely be one avenue for introducing a new way of logging-in to a wider group of people.

But, whether the term or concept “OpenID” needs to travel along with that form of credentialing is still a matter of debate.

To paraphrase something that Kveton, who in addition to efforts at Vidoop happens to chair of the OpenID Foundation, often says, “My mom doesn’t says she’s going to go establish an SMTP connection. She says she’s going to go check her email.” Or to put it another way, “Sell the sizzle, not the steak—or Gardenburger, as the case may be.”

Make no mistake, this is progress for OpenID and its potential. And progress very much in the right direction for a very fledgling technology with a number of benefits.

I, for one, feel that—with Email to ID—one of the major gripes against OpenID is now a thing of the past.

And that means, it’s time to attack the next one. What’s next?

For more information or to set up your own email-based OpenID, visit Email to ID. Interested in implementing this service? See the Email to ID developers area and follow Email to ID on Get Satisfaction. Of course, if you’re lucky enough to be in Portland, today, swing on by Beer and Blog to talk to Email to ID developer Michael Richardson about this new service.