[OpenID] Combining Google & Yahoo user experience research

[Martin Atkins]

Chris Messina wrote:
> 
> I don't know that email verification via OpenID would necessarily reduce 
> or prevent spam. Spammers are really good at moving goalposts.
> 

I think the main benefit would be that users wouldn't need to go and 
check their email every time they create a new user account. Even though 
I generally have my (non-web-based) email client running all the time 
that gets tedious very quickly. I can't imagine how painful it is for 
those poor folks who use web-based email and who haven't discovered 
multiple windows/tabs yet.

This is consistent with the original design principle of OpenID, which 
was that it "allows you to prove ownership of a URL". In this case, it's 
mailto: URLs rather than HTTP URLs, but the principle is the same. (And 
no, I'm not suggesting that users should need to type the mailto: 
prefix; some rules can be defined for inferring that.)

If email addresses are going to be allowed as OpenID identifiers, and on 
some RPs be the only supported identifiers for logging in, I think the 
need for a way to create synonyms in OpenID becomes much greater; I've 
already made wide use of an HTTP-based identifier, and I wouldn't want 
to "start again" were I to start using my email address.