[OpenID] Facebook support for OpenID. Where?
Andrew Arnott
andrewarnott at gmail.com
Wed May 20 14:56:20 UTC 2009
2009/5/19 Santosh Rajan <santrajan at gmail.com>
>
> That
> is why Facebook has not implemented OpenID for sign in and sign up. Because
> they cannot without an email address.
Really? You say that sounding like you know. Who have you heard this
from? Be careful what you say as if you know. Technically speaking from a
general perspective, I would say Facebook could absolutely work without
taking a user's email address, however as Shade said perhaps their database
schema assumes an email address as a primary identifier. Even so, an OpenID
URL with an email address as an attribute would certainly be adaptable by a
database schema modeled after that.
Even if email addresses become a valid OpenID identifier, RPs will still
have to perform email verification. It may be an optimized process, or it
may be *worse*. I imagine there are only a couple of possible ways email
addresses could become identifiers: every time the user logs in they have to
also go to their inbox and click a link (right! like that would ever fly)
or they must have a browser with a special plugin (also unlikely in the near
future). If on the other hand RPs choose to trust certain OPs' email
attribute assertions, the solution can be applied today and without any
special software or behavior on the end user's part. And that's what I'm
advocating for.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090520/3bf671cb/attachment.htm>
More information about the general
mailing list