[Openid-specs-risc] Should we handle indirect relationships?

Hardt, Dick dick at amazon.com
Tue Nov 22 21:15:09 UTC 2016


George: does the *@gmail.com user have an account at AOL? Let’s assume that is the use case you are talking about. It is not clear how Facebook and AOL are going to learn they share a user. In the F2F we talked about direct relationships would proxy in same way for indirect relationships. Ie. AOL would share data with Google, and Facebook would share data with Google. If there is an event at Facebook that is shared with Google, then that may create an event at Google that would be shared with Facebook.

/Dick

On 11/22/16, 9:50 AM, someone claiming to be "Openid-specs-risc on behalf of George Fletcher" <openid-specs-risc-bounces at lists.openid.net on behalf of gffletch at aol.com> wrote:

    Hi,
    
    Given that at AOL we are a relying party to Google, Facebook, Yahoo, 
    Twitter, LinkedIn, etc. ... when a user logs in via Facebook with an 
    email address of *@gmail.com, should AOL subscribe at both Facebook and 
    Google? or just Facebook?
    
    This is similar to the enterprise case we talked about in the F2F. In 
    that case it was someone logging in via Google with an identity that is 
    not authenticated by Google but rather by the owning enterprise domain.
    
    Thoughts?
    
    Thanks,
    George
    _______________________________________________
    Openid-specs-risc mailing list
    Openid-specs-risc at lists.openid.net
    http://lists.openid.net/mailman/listinfo/openid-specs-risc
    



More information about the Openid-specs-risc mailing list