[OpenID] New OpenID Customer Research Activity - Google research on federated login

[Dick Hardt]

On 25-Sep-08, at 5:46 AM, George Fletcher wrote:

> In your testing, was the "Email address or OpenID domain" form  
> element labeled with the openid_url name so that plugins like  
> sxipper or seatbelt would detect it as an field for an OpenID? Seems  
> like naming it this way would break the legacy browser form fill...
>
> Also, an the "validated E-mail" address... would it be worth  
> exploring a way for an OP to have a 3rd-party (the email provider)  
> verified attribute that the user can submit via AX? This way the  
> user can use whatever OP they want and just store with the OP the  
> 3rd party verified attribute. The RP can verify the attribute (via  
> PKI) or some other method without having to force the user through  
> the password verification process. This would require the user to go  
> through some process at least once to get the verified attribute  
> into their OP.  That doesn't really exist yet, but is it something  
> to work towards?

Decoupling email from OpenID identity is desirable from a privacy  
point of view in addition to being significantly more flexible.

Many people have multiple email addresses, and this provides  
flexibility to choose which one to provide, as well as provide more  
then one verified email address.

At Sxip we built a prototype for creating a SAML assertion of a  
verified email address. We used AX to store and request the verified  
email, and demoed this at an IIW over a year ago.

-- Dick

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080925/4feaa6cf/attachment-0002.htm>