<div class="gmail_quote">2009/5/19 Santosh Rajan <span dir="ltr"><<a href="mailto:santrajan@gmail.com">santrajan@gmail.com</a>></span><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>
That<br>
is why Facebook has not implemented OpenID for sign in and sign up. Because<br>
they cannot without an email address.</blockquote><br>Really? You say that sounding like you know. Who have you heard this from? Be careful what you say as if you know. Technically speaking from a general perspective, I would say Facebook could absolutely work without taking a user's email address, however as Shade said perhaps their database schema assumes an email address as a primary identifier. Even so, an OpenID URL with an email address as an attribute would certainly be adaptable by a database schema modeled after that. <br>
<br>Even if email addresses become a valid OpenID identifier, RPs will still have to perform email verification. It may be an optimized process, or it may be <i>worse</i>. I imagine there are only a couple of possible ways email addresses could become identifiers: every time the user logs in they have to also go to their inbox and click a link (right! like that would ever fly) or they must have a browser with a special plugin (also unlikely in the near future). If on the other hand RPs choose to trust certain OPs' email attribute assertions, the solution can be applied today and without any special software or behavior on the end user's part. And that's what I'm advocating for.<br>
</div>