<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Currently, Google OpenID users can be exempted from Email verification
when the Google OP returns an @gmail.com address, because the Google OP
will only return the @gmail.com address that is tied to the Google
Account.<br>
<br>
If we generalize this, if the RP trusts the user's email provider to
always assert the user's true email address, then why wouldn't an RP
trust the OP to always return a valid disposable email address?<br>
<br>
Allen<br>
<br>
<br>
Andrew Arnott wrote:
<blockquote
cite="mid:216e54900904062125i6a75b64ap6f4538627832cfe3@mail.gmail.com"
type="cite">True. This is a model I thought of a while back, when some
credit cards started generating one-time-use credit card numbers for
use when shopping online. I think this has a much higher chance of
working for people, although it doesn't at all solve the problem of
RP's needing to send the user through email verification.<br clear="all">
--<br>
Andrew Arnott<br>
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - Voltaire<br>
<br>
<br>
<div class="gmail_quote">On Mon, Apr 6, 2009 at 8:42 PM, Allen Tom <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:atom@yahoo-inc.com">atom@yahoo-inc.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im"><br>
Andrew Arnott wrote:<br>
><br>
> Thanks. Incidentally, the grief I have with Facebook is that I
have<br>
> to visit Facebook in order to pick up my "mail" which may just be a<br>
> poke or prod. *grumble* But yes, I'd like to see us provide a<br>
> general solution. And my personal queuing SP of choice would
likely<br>
> be one that sends copies of my messages in the email it sends me,
as<br>
> well as organizes them within its own web site for my review later.<br>
><br>
<br>
</div>
What if the OP generated a unique disposable email address for each RP<br>
that the user wants to allow email, and the OP just forwards it on to<br>
the user's real mailbox (or cell phone or IM, depending on the user's<br>
preference). If and when the user no longer wants to receive messages<br>
from the RP, the user can just deactivate the disposable email address.<br>
<br>
This might be easier to deploy than defining a standard messaging API<br>
and putting OAuth in front of it.<br>
<font color="#888888"><br>
Allen<br>
</font>
<div>
<div class="h5"><br>
<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br>
--~--~---------~--~----~------------~-------~--~----~<br>
You received this message because you are subscribed to the Google
Groups "OAuth" group. <br>
To post to this group, send email to <a class="moz-txt-link-abbreviated" href="mailto:oauth@googlegroups.com">oauth@googlegroups.com</a> <br>
To unsubscribe from this group, send email to
<a class="moz-txt-link-abbreviated" href="mailto:oauth+unsubscribe@googlegroups.com">oauth+unsubscribe@googlegroups.com</a> <br>
For more options, visit this group at
<a class="moz-txt-link-freetext" href="http://groups.google.com/group/oauth?hl=en">http://groups.google.com/group/oauth?hl=en</a><br>
-~----------~----~----~----~------~----~------~--~---<br>
<br>
</blockquote>
<br>
</body>
</html>