[OpenID] New OpenID Customer Research Activity - Google research on federated login
Dick Hardt
dick.hardt at gmail.com
Thu Sep 25 16:19:41 UTC 2008
On 25-Sep-08, at 6:57 AM, Eric Sachs wrote:
>
> I believe this idea has come up in some of the past discussions
> about defining a mapping of an E-mail address to an OpenID URL. If
> we standardized that, then an RP could do discovery on that E-mail
> mapped URL which would be hosted by the E-mail provider, but then
> the E-mail provider could allow the owner of that E-mail to specify
> a different OP (or maybe multiple OPs) which they trust to assert
> their E-mail address. I was not part of those discussions, but
> maybe someone else can jump in to confirm whether I described that
> accurately.
I'm hoping we can get a permanent page up somewhere that explains why
email as an OpenID identity is a bad idea so that I don't have to keep
killing this train of thought.
While I can see the UX advantage of a new user being able to type in
their email address so that you can do discovery -- it creates more
problems than it solves.
I'm swamped right now, but should have a chance shortly to articulate
my thoughts for anyone that is interested.
-- Dick
More information about the general
mailing list