[OpenID] Combining Google & Yahoo user experience research

Chris Messina chris.messina at gmail.com
Wed Oct 22 22:08:46 UTC 2008 

On Tue, Oct 21, 2008 at 7:28 PM, Allen Tom <atom at yahoo-inc.com> wrote:

> Martin Atkins wrote:
> > I think it'd be pretty confusing and non-obvious if I typed in
> > something at example.com but, because of an existing session, I actually
> > ended up claiming somethingelse at example.com. This could arise for a
> > number of reasons, including but not limited to a given person having
> > several email accounts or several users sharing the same computer who
> > have not yet discovered the wonders of separate local user accounts.
> >
> > We should never ignore any part of what the user enters. If they just
> > enter their OP's domain, then the above is fine.
> >
> +1
> If the purpose is to verify a user's email address, then the user should
> have typed in the correct email address to be verified, and the email
> returned in the assertion should match the email address in the request.
>

-1
I'm against the notion of verifying email addresses with OpenID.

I think email addresses used as identifiers are at best hints that resolve
to a typical http/https URL.

Setting the expectation that OpenID can be used to verify a specific email
address seems fraught with disaster, since I would think that the
expectation of a "verified email address" would be that the owner of such an
address would be able to receive emails with it. Email in OpenID should be
primarily for hinting at where a user's OP lives on the web; if it happens
that the email identifier provided results in a matching returned email
address (via SREG, AX or PoCo), you can consider it coincidence.

I'm a proponent of emails-as-identifiers insomuch as it means that OpenID
will be significantly more palatable for users who are accustomed to
identifying themselves to sites as an email address. Expanding the scope to
email verification seems bound to failure in the wild.

Chris

-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081022/73d95cb4/attachment-0002.htm>

More information about the general mailing list