Hi Allen,<div><br></div><div>Thanks. Incidentally, the grief I have with Facebook is that I have to visit Facebook in order to pick up my "mail" which may just be a poke or prod. *grumble* But yes, I'd like to see us provide a general solution. And my personal queuing SP of choice would likely be one that sends copies of my messages in the email it sends me, as well as organizes them within its own web site for my review later.</div>
<div><br></div><div>And yes, certainly some sites definitely have more use cases for email that this solution doesn't address, like the social networking sites, I agree. Although I hope we can find a way besides giving these social networking sites access to spam our friends to make these connections with others already using the service.</div>
<div><br></div><div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - Voltaire<br>
<br><br><div class="gmail_quote">On Mon, Apr 6, 2009 at 11:51 AM, Allen Tom <span dir="ltr"><<a href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div bgcolor="#ffffff" text="#000000">
Hi Andrew,<br>
<br>
I really like the idea of an OAuth protected messaging service that
protects the user's inbox from spam, and allows users to selectively
authorize (and revoke) permission for 3rd parties to send messages to
them. This is exactly why Facebook messaging is free of spam.<br>
<br>
As George has mentioned, this will take awhile time to roll out, but it
would certainly make sense to move forward on this.<br>
<br>
However, a huge gotcha is that many RPs require your email address for
more than just messaging purposes:<br>
<br>
For instance, if the user needs to contact the RP out of band (the RP
is an online merchant, and the user needs to email or telephone the
merchant regarding an order) the user will have no way to identify
himself to the merchant, unless the merchant has the user's verified
email address. The Googlers on this list might have a bit more to say
about this scenario regarding their experience with Google Checkout.<br>
<br>
On a related note, social networking sites want users to connect with
each other, and the best way for a user to find someone that they know
is to search based on email addresses. This is why all decently sized
social networking sites ask to import your address book from your mail
provider to help you find your friends in your address book who are
also using the site.<br><font color="#888888">
<br>
Allen</font><div class="im"><br>
<br>
Andrew Arnott wrote:
<blockquote type="cite"><br>
<div>
<div>Proposed solution:</div>
<div>
<ol>
<li>When a user logs into an RP using an OpenID, the RP performs
discovery on the user's XRDS document and discovers a service element
for push notifications that includes the URI to receive the messages
the RP wishes to send to the user. This element also includes
information the RP needs to use OAuth for authorization to send to this
message queue.</li>
<li>During authentication (if the OP is also providing the message
queue service for the user) or immediately following authentication (if
the user is using a separate message queuing service), the RP sends an
OAuth message to the queuing SP requesting authorization to post
messages to this user. The user is directed to a web page explaining
the RP wants to send messages and clicks "Accept".</li>
<li>The user is now logged into the RP.</li>
</ol>
When the RP wants to send messages to the user, it POSTs to the queuing
SP using its OAuth token.</div>
<div>The user receives these messages in a manner previously
configured with his queuing SP, which will typically be via email
forwarding to his inbox.</div>
</div>
</blockquote>
<br>
<br></div><div class="im">
--~--~---------~--~----~------------~-------~--~----~<br>
You received this message because you are subscribed to the Google Groups "OAuth" group. <br> To post to this group, send email to <a href="mailto:oauth@googlegroups.com" target="_blank">oauth@googlegroups.com</a> <br>
To unsubscribe from this group, send email to <a href="mailto:oauth%2Bunsubscribe@googlegroups.com" target="_blank">oauth+unsubscribe@googlegroups.com</a> <br> For more options, visit this group at <a href="http://groups.google.com/group/oauth?hl=en" target="_blank">http://groups.google.com/group/oauth?hl=en</a><br>
-~----------~----~----~----~------~----~------~--~---<br>
</div></div>
<br>
</blockquote></div><br></div>