On Identity and Messaging


What OpenID (and the underlying Yadis) fundamentally give us are:

  • Globally unique identifiers (today URLs and XRIs, but there’s no technical reason those couldn’t also be e-mail addresses, barcodes or ISBN numbers)
  • A mechanism for service discovery (via Yadis XRDS and, in very limited form, via the OpenID HTML tags)

Everything else, such as authentication or attribute exchange, is often very useful but architecturally optional. What services other than authentication or attribute exchange might be useful?

A ton, in my view … for example, messaging.

We could, with very little effort, do an HTTP POST as part of an OpenID authentication transaction and carry an arbitrary payload that is covered by the OpenID authentication crypto, i.e. it cannot be changed in transit and its sender address cannot be falsified.

In other words, a replacement for e-mail that does not need to go through a lot of legacy contortions (7bit, 72 characters, that kind of thing) and that, best of all, does not allow spammers to fake the return address as a matter of design.
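As an added illustration (not code from this post or from MyLID.net), the sketch below signs a message the way OpenID 2.0 signs an assertion: HMAC-SHA256 over the key-value form of the fields named in `openid.signed`. The `openid.msg.*` field names, the secret and the sample values are constructed assumptions, and the receiver is assumed to already share the association secret with the sender's identity provider.

```python
import base64
import hashlib
import hmac

def kv_form(fields, signed):
    """OpenID key-value form: one 'key:value\\n' line per signed field, in list order."""
    lines = []
    for key in signed:
        value = fields["openid." + key]
        if ":" in key or "\n" in key or "\n" in value:
            raise ValueError("field %r cannot be encoded in key-value form" % key)
        lines.append("%s:%s\n" % (key, value))
    return "".join(lines).encode("utf-8")

def sign(secret, fields, signed):
    """Return a copy of fields with openid.signed and openid.sig added."""
    out = dict(fields)
    out["openid.signed"] = ",".join(signed)
    mac = hmac.new(secret, kv_form(out, signed), hashlib.sha256).digest()
    out["openid.sig"] = base64.b64encode(mac).decode("ascii")
    return out

# Fields the receiver insists on seeing inside the signature (hypothetical names).
REQUIRED = ("identity", "msg.to", "msg.body")

def verify(secret, fields, required=REQUIRED):
    """True only if sender, recipient and body are all covered by a valid MAC."""
    signed = fields.get("openid.signed", "").split(",")
    if not all(key in signed for key in required):
        return False  # a field left out of the signed list is unprotected
    try:
        expected = hmac.new(secret, kv_form(fields, signed), hashlib.sha256).digest()
        received = base64.b64decode(fields.get("openid.sig", ""), validate=True)
    except (KeyError, ValueError):
        return False
    return hmac.compare_digest(expected, received)  # constant-time comparison

# Constructed sample data, not taken from any real deployment.
SECRET = b"constructed-association-secret"
MESSAGE = {
    "openid.identity": "http://alice.example.org/",
    "openid.response_nonce": "2007-01-01T00:00:00Zabc123",
    "openid.msg.to": "http://bob.example.net/",
    "openid.msg.body": "Lunch on Friday?",
    "openid.msg.subject": "hello",  # deliberately not in SIGNED
}
SIGNED = ["identity", "response_nonce", "msg.to", "msg.body"]
```

Only fields listed in `openid.signed` are protected, so the receiver must insist that the sender identity, recipient and body are all in that list. A real assertion also signs fields such as `return_to` and `assoc_handle`, and the receiver has to reject reused nonces to stop replay.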

Sounds useful? Certainly James McGovern thinks so.

We certainly do, too. Which is why MyLID.net has had that functionality for a long time now.