[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

Chris Messina chris.messina at gmail.com
Wed Oct 22 22:02:11 UTC 2008


On Tue, Oct 21, 2008 at 7:25 PM, Allen Tom <atom at yahoo-inc.com> wrote:

>
> I do think that it would be pretty straightforward to just chop off
> everything after the @, and perform discovery on the domain of the email
> address.
>

+1. I don't think that, in the case of an email address provided as an
identifier, the email address provided should be considered. Instead,
it's all about resolving the identifier at the email domain.
factoryjoe at aol.com simply becomes aol.com and discovery is completed there.
The RP should probably also discard the provided email address and rely on
the identifier returned by the OP (hence the "relying" in "relying party").

There's a simple rationale for this. I may have several email addresses or
identifiers associated with my account, but use entirely different
credentials to sign in to the service. It may also be the case that, in the
course of doing the OpenID dance, I may choose a certain persona to return
to the RP. For example:

1. Enter factoryjoe at aol.com. Return claimed identifier
openid.aol.com/factoryjoe.
2. Enter factoryjoe at aol.com. Return claimed identifier
openid.aol.com/factoryjoe/otherpersona.

The RP should treat an email address according to the identifier select
model, and only consider the domain.

Chris

-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
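
The RP-side handling described in the message above, as an added example that is not code from the post or from any OpenID library: the email-style input is reduced to its domain for discovery, and the account is keyed on the claimed identifier the OP returns. The OP endpoint URLs, the discovery table and all function names are constructed for illustration; the check that the asserting OP is authoritative for the returned claimed identifier is the verification OpenID Authentication 2.0 expects of an RP in the identifier select flow.

```python
# Constructed discovery results (identifier -> authoritative OP endpoint).
# A real RP would obtain these by running OpenID discovery over the network.
AOL_OP = "https://op.example/aol"        # placeholder endpoint, not a real URL
OTHER_OP = "https://op.example/other"    # placeholder endpoint
DISCOVERY = {
    "aol.com": AOL_OP,
    "openid.aol.com/factoryjoe": AOL_OP,
    "openid.aol.com/factoryjoe/otherpersona": AOL_OP,
    "id.example.net/factoryjoe": OTHER_OP,
}


def discovery_target(user_input: str) -> str:
    """Keep only the domain of an email-style identifier; pass others through."""
    text = user_input.strip()
    if "@" not in text:
        return text
    domain = text.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain or "/" in domain or " " in domain:
        raise ValueError("email-style identifier has no usable domain")
    return domain


def discover(identifier: str) -> str:
    """Hypothetical stand-in for network discovery, backed by the table above."""
    try:
        return DISCOVERY[identifier]
    except KeyError:
        raise ValueError(f"discovery failed for {identifier!r}") from None


def account_key(user_input: str, claimed_id: str, asserting_op: str) -> str:
    """Return the key the RP stores the account under: the OP's claimed identifier."""
    if discover(discovery_target(user_input)) != asserting_op:
        raise ValueError("assertion did not come from the OP discovered for the domain")
    # Identifier select: the RP did not pick the claimed identifier, so it must
    # confirm that the asserting OP is authoritative for it before trusting it.
    if discover(claimed_id) != asserting_op:
        raise ValueError("OP is not authoritative for the claimed identifier")
    return claimed_id  # the typed email address is discarded, never used as a key
```
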