[OpenID] Combining Google & Yahoo user experience research

[Dick Hardt]

On 13-Oct-08, at 11:56 PM, Allen Tom wrote:

> Chris Messina wrote:
>> So many sites (in the wild) now immediately ask you for your email
>> address after you sign up with OpenID that it seems counter- 
>> productive
>> NOT to support email addresses... especially since they often require
>> you to confirm your email address via token (which, if it were part  
>> of
>> the OpenID spec, could be done entirely within the browser).
> +1
> I think there's a very interesting opportunity to use OpenID as a
> browser based email verification protocol. The emphasis is on  
> verifying
> the user's email, not signing in. There are plenty of use cases where
> websites need a verified email address, and OpenID could be used to
> streamline this process and to increase the success rate. (many  
> studies
> show that there is a huge failure rate for email verification)

An interesting idea to have an email verification protocol. Could be  
used as well for fighting spam.

Thinking out loud, the protocol should involve a bounce to the mail  
provider as it is the authority for the email.

> For instance, many websites require a verified email address to
> register.

It would be useful to understand why the website wants a verified  
email address, as it may not be required when an identity protocol is  
available.
A number of reasons come to mind:

1) password reset mechanism

2) further assurance there is a person on the other end instead of a bot

3) push info to the user via SMTP

There are other ways to do (2) and (1) is really an identity protocol.  
(3) is shifting with the rise of SMS and other messaging as email  
declines from the use of spam.

-- Dick