[OpenID] About Facebook, MySpace and OpenID
deron.meranda at gmail.com
Fri Apr 3 22:01:57 UTC 2009
On Fri, Apr 3, 2009 at 3:50 PM, John Bradley <john.bradley at wingaa.com> wrote:
> I will grant you that the choice google has made to deny returning optional
> claims to the RP without a user dialog makes the UI simpler.
> The problem for RPs is that they may still be willing to accept the login
> without the email and collect or verify the email in some other manner.
Yes, this is exactly the "problem" I have with Google's way of interpreting
optional to mean required. It's not optional for the user, it's optional
Another slight annoyance, perhaps specific to Google, is that even if I have
it return an email address, I don't get to pick it.
Basically, any Google account can have a lot of different email addresses.
First, you can just add or remove periods (dots) where-ever
or you can also make up address aliases
I may want to give out my primary address for my bank's blog,
but a different one for my neighbor's.
> From a RP point of view OP's dealing with AX requests in a consistent way is
> a requirement.
Some OPs like Verisign PIP let me customize my attribute return
values (albeit SREG rather than AX) almost to the extreme opposite of
Google: per-RP answers, multiple AX profiles for default answers, etc.
More information about the general