[OpenID] email address retrieval
SitG Admin
sysadmin at shadowsinthegarden.com
Wed Jul 8 01:53:02 UTC 2009
>>What if I don't want the *OP* to know my E-mail address, but I'm
>>fine with *you* knowing it?
>
>The user is free to set up an email address and password with my
>site and not use an OP for logging in.
I'm confused. It sounded at first like you just needed that
information for notification purposes, but now it looks like you also
(sometimes) use it for login purposes. I'm going to recap a couple of
OpenID's useful qualities:
1) Autofill of non-required (optional) personal/profile information:
SREG/AX can save the user from having to type all that in.
2) Secure single-sign-on: user can have the same password for ALL
their different websites, *without* risking that any of those
websites (or operators), if compromised (or corrupt), can gain access
to ALL their accounts.
So, then, my options with your site are to either share my address
with my OP, or to just not use OpenID at all? That, frankly, sucks ;)
>Yes that was what I was uncertain about. I checked the Facebook
>Connect <http://www.somethingtoputhere.com/therunaround/>sample
>application and that is how it appears to work. Do certain OPs
>withold email addresses and certain OPs make them available?
It's possible. The question for your site, I think, should be whether
you are going to tell the user "We are sorry, but your OP (does not
know / would not reveal) your E-mail address, so therefore we are not
even going to give you a place to enter that information."
I suggest planning for use-cases where the user wants to use OpenID
*and* give you information that their OP is not privilege to.
-Shade
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090707/11b366b7/attachment.htm>
More information about the general
mailing list