Friday, February 23, 2007

Existence proof

AOL's John Panzer responds to my concern over AOL arbitrarily gifting me with another OpenID. John writes
My take is, if you don't actually use the OpenID URL, it doesn't really exist. The same way a Wiki page doesn't exist until you edit it.
Well, until you create a link to a Wiki page and then edit it, it actually does not exist, i.e. it's not addressable. My AOL OpenID manifestly does exist and is addressable. What's more, anybody who knows (or can guess) my AIM screenname, can get to it.

John goes on
Another important point is that you can point at the AOL OpenID service from any web page you own in order to turn its URL into an OpenID. The minimal requirements are basically that you have some AOL or AIM account, and that you add a couple of links to your document's HEAD:

Of course, I don't want to use OpenID's delegation mechanism to point at this AOL OpenID - I don't even want the thing, why would I direct RPs to it?

If anything I'd want to instead edit the AOL HTML page to point at my chosen OpenID provider and URI. John suggests that this is now possible
We added this to our blogs product in a few minutes minutes (sic) and it's in beta now.
I created a blog at AOL in order to try it out (NBARM - Nothing But a Redirect Mechanism) but I can see no ability to directly edit the HTML header to add the OpenID delegation tags.

Does John mean that AOL supports OpenID as the delegatee, but not the delagator? A business model peaks through the clouds.


Rob said...

What are you talking about? is certainly addressable.

Did you know that Google runs an identity aggregation service in which you are co-opted? Try You cannot escape the web!

John Panzer said...

Yep: and
both 'exist' and return 200's. currently redirects you to the AIM Page for that screen name. If an AIM Page doesn't exist for that screen name, you get a default profile:

It'd be better IMHO if that product clearly indicated that the page was a default one the way Wikipedia does.

I probably wasn't clear in my blog post that we simply made each blog page delegate to -- meaning that you can use whichever one you prefer. We don't (yet) let you change the OpenID provider to be used for the blog, but that's something I'm interested in looking at.