identifier ambiguity

Bill Strathearn

Feb 10, 2011, 8:33:02 PM
to webf...@googlegroups.com
If twitter.com (or any other social network) were to deploy webfinger support, but also used their main domain name for an email account system, how would they reconcile the difference between a webfinger address that can ambiguously describe the email account holder or the social network account holder? In the general case, there is no need for http://twitter.com/bill to be the same person as bi...@twitter.com.

The easy resolution is to use a unique sub-domain to disambiguate, but presumably, the company would not want everyone to change email addresses to bi...@corp.twitter.com or bi...@twitter-corp.com, and if the URI is http://twitter.com/bill, then very few would guess that the webfinger address is something like bi...@tweeters.twitter.com.

Brad Fitzpatrick

Feb 10, 2011, 8:44:41 PM
to webf...@googlegroups.com, Bill Strathearn
All webfinger does is take "something that looks like an email address" and return a machine-readable resource for it.

It does not define or recommend mappings between SMTP / email addresses and 'equivalent' social networking URLs.

That said, why would anybody change their email addresses?

Or, why would twitter.com/bill use webfinger when twitter.com/bill is *already* a readable resource?  It could use <link rel='...' /> in its <head>.  bi...@twitter.com has no such luxury.

Eric Mill

Feb 10, 2011, 9:31:39 PM
to webf...@googlegroups.com, Bill Strathearn
So if I, as twitter.com/bill, wanted to register/login to a site with my Twitter account, are you saying that Webfinger wouldn't be the appropriate way for that site to figure out who I am? But what would be, short of the site implementing a site-specific "Login with your Twitter account" workflow that so many have already?

Kingsley Idehen

Feb 10, 2011, 9:35:43 PM
to webf...@googlegroups.com
On 2/10/11 8:44 PM, Brad Fitzpatrick wrote:
All webfinger does is take "something that looks like an email address" and return a machine-readable resource for it.

Brad,

I would like to believe that the machine-readable resource in question is a description (representations varied and negotiable) of the "mailto:" or "acct:" scheme based URI's Referent. Thus, my Webfinger URI returns a machine readable profile document that describes me.

"machine-readable" resource is sort of confusing to people when dealing with Identifiers that resolve as per Webfinger etc. It isn't obvious what they resolve to, or why they should even resolve to anything at all.

Hopefully, this adds some clarity to Webfinger's effort to deliver intuitive Personal Identifiers using "mailto:" and "acct:" scheme URIs :-)


Kingsley
-- 

Regards,

Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 




Paul E. Jones

Feb 11, 2011, 1:27:20 AM
to webf...@googlegroups.com, Bill Strathearn, Gonzalo Salgueiro

Eric,

 

OpenID uses URLs much like what you’re proposing in order to allow a user to log into a network.  However, as others said, Webfinger takes something that looks like an email address and provides information about it.  It “looks like” an email address and, in fact, it might be.  Or, it might be an acct: URI.  That was debated for a while, though I’m not sure if any consensus was reached.

 

Personally, I like the idea of using an email address as the URI for webfinger.  The reason is that email addresses are ubiquitous.  That said, it does raise the question as to what one does when a non-email provider has users and wants to provide information about the user.  For Twitter, the acct: URI scheme might be just what one needs.  In fact, perhaps it might be reasonable practice for one requesting information about “pau...@packetizer.com” to query mailto: and acct:, in that order, to look for information.  One or both might return 404.

 

Paul

Bill

Feb 11, 2011, 4:57:09 PM
to webf...@googlegroups.com
I think that the acct: and mailto: protocol portion is the missing piece in my identifier scheme that is needed in order to allow for unique identification of both http://twitter.com/bill and mailto:bi...@twitter.com. An API that retrieves data for both email system users and web profiles can then require that the protocol portion be included in any uses of the webfinger email address-type-things.

Thanks to everyone who replied. 
--
Bill

Kingsley Idehen

Feb 12, 2011, 11:39:42 AM
to webf...@googlegroups.com
On 2/11/11 4:57 PM, Bill wrote:
I think that the acct: and mailto: protocol portion is the missing piece in my identifier scheme that is needed in order to allow for unique identification of both http://twitter.com/bill and mailto:bi...@twitter.com. An API that retrieves data for both email system users and web profiles can then require that the protocol portion be included in any uses of the webfinger email address-type-things.
<http://twitter.com/bill#this> can be asserted to be sameAs <mailto:bi...@twitter.com> in a number of ways :-)

Example of a Triple making the assertion/claim above via an XRD resource:
<?xml version="1.0" encoding="UTF-8"?>
<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0" xmlns:hm="http://host-meta.net/xrd/1.0">
...
<Subject>acct:kid...@openlinksw.com</Subject>
<Link rel="http://www.w3.org/2002/07/owl#sameAs" href="http://kingsley.idehen.net/dataspace/person/KingsleyUyiIdehen#this" />
..
..
</XRD>

See my profile:

1. http://kingsley.idehen.net/c/B6H2W -- HTTP session debug output re. GETs against my XRD based descriptor resource.

Kingsley

Eric Mill

Feb 12, 2011, 12:07:02 PM
to webf...@googlegroups.com
If someone would have to type in their Twitter URL in a login form to get the benefit of Webfinger, that's not any better a user experience than OpenID; which seems counter to the founding goals of Webfinger.

-- Eric

Paul E. Jones

Feb 12, 2011, 1:06:58 PM
to webf...@googlegroups.com, Gonzalo Salgueiro

I agree.  We definitely do not want to re-introduce URIs that are hard for users.

 

If a user types “bi...@twitter.com”, then the software into which the user entered that identifier should translate that into acct:bi...@twitter.com or email:bi...@twitter.com.  Whatever URI scheme we decide, we should choose one and we definitely should not provide different information for what, from the user’s perspective, is the same identifier.

 

Perhaps Eran was right to introduce the acct: scheme to avoid this issue.  A Twitter ID is not an email address, after all.  Perhaps input boxes that request this information should not ask for your email address, but ask for your “Internet ID”.  If it happens to be the same as your email ID, fine.  In the case of Twitter, it’s not.  Then we use acct: to query information and an email ID can be one of the data elements returned as a link relation in the XRD.

 

Paul
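
Added example, not part of any post in this thread: a Python sketch of the two ideas discussed above, turning a typed identifier into a URI with an explicit scheme, and treating acct:, mailto: and profile URIs as the same principal only when the subject's XRD asserts it with an owl#sameAs link. The function names, example.com and the sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XRD_NS = "{http://docs.oasis-open.org/ns/xri/xrd-1.0}"
SAME_AS = "http://www.w3.org/2002/07/owl#sameAs"
KNOWN_SCHEMES = ("acct", "mailto", "xmpp", "http", "https")

def to_uri(user_input, default_scheme="acct"):
    """Turn what a user typed into a URI with an explicit scheme."""
    text = user_input.strip()
    scheme, sep, rest = text.partition(":")
    if sep and scheme.lower() in KNOWN_SCHEMES:
        return scheme.lower() + ":" + rest
    # Bare input must look like user@host; users are not expected to type a scheme.
    if text.count("@") != 1 or text.startswith("@") or text.endswith("@"):
        raise ValueError("not a user@host identifier: %r" % user_input)
    local, host = text.split("@")
    return "%s:%s@%s" % (default_scheme, local, host.lower())

def asserted_aliases(xrd_text):
    """Return (subject, set of URIs the descriptor declares sameAs)."""
    # A descriptor fetched from a remote host is untrusted input; a hardened
    # XML parser (for example defusedxml) is preferable outside of a demo.
    root = ET.fromstring(xrd_text)
    subject = root.findtext(XRD_NS + "Subject", default="").strip()
    links = {link.get("href") for link in root.iter(XRD_NS + "Link")
             if link.get("rel") == SAME_AS and link.get("href")}
    return subject, links

def same_principal(uri_a, uri_b, xrd_text):
    """True only if the URIs are identical, or the descriptor whose Subject
    is uri_a explicitly names uri_b. A matching user@host alone proves nothing."""
    if uri_a == uri_b:
        return True
    subject, aliases = asserted_aliases(xrd_text)
    return subject == uri_a and uri_b in aliases

# Constructed sample descriptor (example.com and the profile URL are placeholders).
SAMPLE_XRD = """<XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0">
  <Subject>acct:bill@example.com</Subject>
  <Link rel="http://www.w3.org/2002/07/owl#sameAs" href="http://example.com/bill#this" />
</XRD>"""
```

The sameAs link is a one-sided claim made by whoever serves the descriptor, so a relying site should only honour it when the descriptor was fetched from the host that is authoritative for the subject.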

Daniel Renfer

Feb 12, 2011, 5:21:02 PM
to webf...@googlegroups.com, Paul E. Jones, Gonzalo Salgueiro
Is it fair to assume that the user of an email account is the same as
the webfinger account of the same name?

For instance, if Twitter ever got into the email business, then could
we infer that mailto:bi...@twitter.com is the same person as
acct:bi...@twitter.com ? Same goes for xmpp:bi...@twitter.com

It would be incredibly confusing if these weren't the same person, but
I could see a company doing something like this. (for legacy reasons)

Paul E. Jones

Feb 12, 2011, 6:49:16 PM
to Daniel Renfer, webf...@googlegroups.com, Gonzalo Salgueiro
Daniel,

I think it's definitely reasonable to assume such, not because the ID really is an email ID, but simply because users should not be expected to know whether it is or isn't. Users will not enter the URI scheme.

Technically, the identifier used with webfinger could be either an email ID or an acct: ID. We should just go with one and I'm more inclined to go with acct:, the more I think on this twitter example. Email clients could also use Webfinger to discover a user's email ID given their acct: ID.

Most of the time, the email ID and acct: will be the same, but the Twitter example is one that shows this is not always the case.

Paul

Kingsley Idehen

Feb 12, 2011, 7:28:47 PM
to webf...@googlegroups.com
On 2/12/11 12:07 PM, Eric Mill wrote:
If someone would have to type in their Twitter URL in a login form to get the benefit of Webfinger, that's not any better a user experience than OpenID; which seems counter to the founding goals of Webfinger.

When you combine Webfinger with the WebID [1] protocol you solve this problem i.e., no passwords or unintuitive HTTP URI to remember.

Personally, I use the combo and they work great together.

Links:

1. http://www.w3.org/wiki/WebID -- WebID introduction doc

Kingsley