[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

Peter Williams pwilliams at rapattoni.com
Sat Oct 25 15:54:06 UTC 2008


Folks are simply distinguishing

A Email-form ids as a convenience to get past klutzy URL-handling by users
B Email id "confirmation"

What I cannot get from reading the conversation is

1. Is it the discovery protocol that does (a) and/or (b)

Or

2. Is it the OpenID Auth protocol that does (a) and/or (b) (and thus controls are performed by the OP)

It's important, legally, to know this (and for patent issues that concern some of us). Formally, YADIS controls per option (1) are not controlled by the Board. Arguably, though, OpenID can "profile" YADIS - particularly when it's for use with OpenID Auth.

From: general-bounces at openid.net [mailto:general-bounces at openid.net] On Behalf Of David Fuelling
Sent: Friday, October 24, 2008 3:56 PM
To: Martin Atkins
Cc: general at openid.net
Subject: [LIKELY_SPAM]Re: [OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

On Fri, Oct 24, 2008 at 10:24 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
George Fletcher wrote:
> I think there are at least two use cases involving email addresses that
> can be easily confused...
>
> 1. Use the email address as an indicator or pointer to a valid OpenID as
> the email address is an identifier that the user currently remembers.
>   - this is the use case that EAUT is targeting and, if I understood
> correctly, what Chris is discussing as well
>
> 2. Verify an email address for those RP's that want/need/require a
> "verified email address"
>   - this is more about the RP getting a verified identity attribute
>   - the expectation is that an OpenID based flow would allow a user who
> has to verify their email address to do it in "real time" rather than
> the async email method used today
>
> I believe we need to keep these two use cases separate because the
> intentions/outcome is really quite different.
>
From a user experience perspective, your point 2 here is an extension
of point 1. In both of these cases, the user enters his email address to
log in. In the second case, he doesn't need to check his email to verify
his email address.[1]

What am I missing here? What is gained by having the user enter an email
address but not actually using it as the OpenID Identifier? This
approach just seems really bizarre and makes the whole thing far less
useful.

Just started tracking this thread, so apologies if this is off-base, but does my comment on your blog post shed any light on the question about why to map instead of use emails directly as OpenIDs?

http://community.livejournal.com/apparentlymart/18123.html?view=42443#t42443

David
