[Openid-specs-risc] Should we handle indirect relationships?

George Fletcher gffletch at aol.com
Tue Nov 22 17:50:52 UTC 2016


Given that at AOL we are a relying party to Google, Facebook, Yahoo, 
Twitter, LinkedIn, etc. ... when a user logs in via Facebook with an 
email address of *@gmail.com, should AOL subscribe at both Facebook and 
Google, or just Facebook?

This is similar to the enterprise case we talked about in the F2F. In 
that case it was someone logging in via Google with an identity that is 
not authenticated by Google but rather by the owning enterprise domain.


