<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Folks are simply distinguishing<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>A Email form ids as a convenience to get passed klutzy URl-handling
by users<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>B Email id “confirmation” <o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>What I cannot get from reading the conversation is<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>1. Is it the discovery protocol that does (a)and/or (b)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Or<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>2 is the openid auth protocol that does (a) and/or (b) (and thus
controls are performed by the OP)<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Its important, legally to know this (and for patent issues that
concern some of us). Formally YADIS controls per option (1) are not controlled
by the Board. Arguably, though, OpenID can “profile” YADIS –particularly when
it’s for use with OpenID Auth.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> general-bounces@openid.net
[mailto:general-bounces@openid.net] <b>On Behalf Of </b>David Fuelling<br>
<b>Sent:</b> Friday, October 24, 2008 3:56 PM<br>
<b>To:</b> Martin Atkins<br>
<b>Cc:</b> general@openid.net<br>
<b>Subject:</b> [LIKELY_SPAM]Re: [OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re:
Combining Google & Yahoo user experience research<o:p></o:p></span></p>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<p class=MsoNormal>On Fri, Oct 24, 2008 at 10:24 PM, Martin Atkins <<a
href="mailto:mart@degeneration.co.uk">mart@degeneration.co.uk</a>> wrote:<o:p></o:p></p>
<div>
<blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;
margin-left:4.8pt;margin-right:0in'>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'>George Fletcher wrote:<br>
> I think there are at least two use cases involving email addresses that<br>
> can be easily confused...<br>
><br>
> 1. Use the email address as an indicator or pointer to a valid OpenID as<br>
> the email address is an identifier that the user currently remembers.<br>
> - this is the use case that EAUT is targeting and, if I understood<br>
> correctly, what Chris is discussing as well<br>
><br>
> 2. Verify an email address for those RP's that want/need/require a<br>
> "verified email address"<br>
> - this is more about the RP getting a verified identity attribute<br>
> - the expectation is that an OpenID based flow would allow a user
who<br>
> has to verify their email address to do it in "real time" rather
than<br>
> the async email method used today<br>
><br>
> I believe we need to keep these two use cases separate because the<br>
> intentions/outcome is really quite different.<br>
><o:p></o:p></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'> From a user experience
perspective, your point 2 here is an extension<br>
of point 1. In both of these cases, the user enters his email address to<br>
log in. In the second case, he doesn't need to check his email to verify<br>
his email address.[1]<br>
<br>
What am I missing here? What is gained by having the user enter an email<br>
address but not actually using it as the OpenID Identifier? This<br>
approach just seems really bizarre and makes the whole thing far less<br>
useful.<o:p></o:p></p>
</blockquote>
<div>
<p class=MsoNormal><br>
Just started tracking this thread, so apologies if this is off-base, but does
my comment on your blog post shed any light on the question about why to map
instead of use emails directly as OpenIDs?<br>
<br>
<a
href="http://community.livejournal.com/apparentlymart/18123.html?view=42443#t42443">http://community.livejournal.com/apparentlymart/18123.html?view=42443#t42443</a><br>
<br>
David<o:p></o:p></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
</div>
</body>
</html>