<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: [OpenID] email address
retrieval</title></head><body>
<div>>>What if I don't want the *OP* to know my E-mail address,
but I'm fine with *you* knowing it?<br>
></div>
<div>>The user is free to set up an email address and password with
my site and not use an OP for logging in.</div>
<div><br></div>
<div>I'm confused. It sounded at first like you just needed that
information for notification purposes, but now it looks like you also
(sometimes) use it for login purposes. I'm going to recap a couple of
OpenID's useful qualities:</div>
<div><br></div>
<div>1) Autofill of non-required (optional) personal/profile
information: SREG/AX can save the user from having to type all that
in.</div>
<div>2) Secure single-sign-on: user can have the same password for ALL
their different websites, *without* risking that any of those websites
(or operators), if compromised (or corrupt), can gain access to ALL
their accounts.</div>
<div><br></div>
<div>So, then, my options with your site are to either share my
address with my OP, or to just not use OpenID at all? That, frankly,
sucks ;)</div>
<div><br></div>
<div>>Yes that was what I was uncertain about. I checked the
Facebook Connect <a
href="http://www.somethingtoputhere.com/therunaround/">sample
application</a> and that is how it<i> appears</i> to work. Do certain
OPs withold email addresses and certain OPs make them available?</div>
<div><br></div>
<div>It's possible. The question for your site, I think, should be
whether you are going to tell the user "We are sorry, but your OP
(does not know / would not reveal) your E-mail address, so therefore
we are not even going to give you a place to enter that
information."</div>
<div><br></div>
<div>I suggest planning for use-cases where the user wants to use
OpenID *and* give you information that their OP is not privilege
to.</div>
<div><br></div>
<div>-Shade</div>
</body>
</html>