[Openid-specs-authzen] OpenID Connect Email Account Linking Extension

[Alex Babeanu]

Hi Salim-Amine,

Well, I'm not sure the AuthZEN group is the right group for this one, it
looks more like an idea for the OAuth WG within IETF... I will let others
weigh-in on that point.

About the proposal, I think I'm not clear specifically on this: " User
authenticates 1-N secondary accounts (IdP-defined limit)"
--> based on experience in the field, users never actually do that. As a
user, I know I wouldn't do it myself. I think there's more value for an
organization in matching its various accounts based on common properties,
than enabling a sort of "email/Account-SSO": after all, these users
register different accounts for a reason: maybe for different types of
access or even anonymity...
My humble $0.02...

Regards,

./\.

On Tue, Sep 23, 2025 at 11:28 PM Salim BOU ARAM via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> Hello,
>
> I’ve submitted a draft that proposes a way for an RP to let a user link
> multiple email accounts from the same IdP under a single primary identity.
> Secondary logins resolve to the primary account, and linkages can expire or
> be removed.
> (
> https://www.ietf.org/archive/id/draft-bouaram-oidc-email-linking-extension-00.html
> )
>
> I’m interested to know if anyone finds this idea useful.
>
> This version is an initial draft and could be further enhanced based on
> community feedback.
>
> Best regards,
>
> Salim-Amine Bou Aram
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>


-- 


Alex Babeanu
Lead Product Manager, AI Control  Suite
t. +1 604 728 8130
e. alex.babeanu at indykite.com
w. www.indykite.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250924/a85c3642/attachment.htm>