[OpenID] About Facebook, MySpace and OpenID

Deron Meranda deron.meranda at gmail.com
Fri Apr 3 22:01:57 UTC 2009

On Fri, Apr 3, 2009 at 3:50 PM, John Bradley <john.bradley at wingaa.com> wrote:
> I will grant you that the choice google has made to deny returning optional
> claims to the RP without a user dialog makes the UI simpler.
> The problem for RPs is that they may still be willing to accept the login
> without the email and collect or verify the email in some other manner.

Yes, this is exactly the "problem" I have with Google's way of interpreting
optional to mean required.  It's not optional for the user, it's optional
for Google.

Another slight annoyance, perhaps specific to Google, is that even if I have
it return an email address, I don't get to pick it.

Basically, any Google account can have a lot of different email addresses.
First, you can just add or remove periods (dots) where-ever
or you can also make up address aliases

I may want to give out my primary address for my bank's blog,
but a different one for my neighbor's.

> From a RP point of view OP's dealing with AX requests in a consistent way is
> a requirement.


Some OPs like Verisign PIP let me customize my attribute return
values (albeit SREG rather than AX) almost to the extreme opposite of
Google: per-RP answers, multiple AX profiles for default answers, etc.

Deron Meranda

More information about the general mailing list