[Openid-specs-risc] Should we handle indirect relationships?
gffletch at aol.com
Tue Nov 22 17:50:52 UTC 2016
Given that at AOL we are a relying party to Google, Facebook, Yahoo,
Twitter, LinkedIn, etc. ... when a user logs in via Facebook with an
email address of *@gmail.com, should AOL subscribe at both Facebook and
Google? or just Facebook?
This is similar to the enterprise case we talked about in the F2F. In
that case it was someone logging in via Google with an identity that is
not authenticated by Google but rather by the owning enterprise domain.
More information about the Openid-specs-risc