[Openid-specs-authzen] OpenID Connect Email Account Linking Extension
Salim BOU ARAM
bouaram.salim at gmail.com
Wed Sep 24 06:07:28 UTC 2025
Hi Alex,
Thank you very much for taking the time to read the draft and share your
feedback.
The OAuth WG suggested I discuss the draft here.
Just to clarify the “1-N secondary accounts” point: the idea is not that
users must link multiple N accounts, but that they can choose to link
additional accounts to their primary authenticated identity (up to an
IdP-defined N limit). For example, if an app offers “Sign in with Google,”
I could use example at gmail.com as my primary identity and link
example1 at gmail.com to access the same app account.
This may not have been clear in the draft.
Thanks again for the feedback, and I look forward to more input.
Best regards,
Salim
On Wed, 24 Sept 2025, 07:54 Alex Babeanu, <alex.babeanu at indykite.com> wrote:
> Hi Salim-Amine,
>
> Well, I'm not sure the AuthZEN group is the right group for this one, it
> looks more like an idea for the OAuth WG within IETF... I will let others
> weigh-in on that point.
>
> About the proposal, I think I'm not clear specifically on this: " User
> authenticates 1-N secondary accounts (IdP-defined limit)"
> --> based on experience in the field, users never actually do that. As a
> user, I know I wouldn't do it myself. I think there's more value for an
> organization in matching its various accounts based on common properties,
> than enabling a sort of "email/Account-SSO": after all, these users
> register different accounts for a reason: maybe for different types of
> access or even anonymity...
> My humble $0.02...
>
> Regards,
>
> ./\.
>
> On Tue, Sep 23, 2025 at 11:28 PM Salim BOU ARAM via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
>> Hello,
>>
>> I’ve submitted a draft that proposes a way for an RP to let a user link
>> multiple email accounts from the same IdP under a single primary identity.
>> Secondary logins resolve to the primary account, and linkages can expire or
>> be removed.
>> (
>> https://www.ietf.org/archive/id/draft-bouaram-oidc-email-linking-extension-00.html
>> )
>>
>> I’m interested to know if anyone finds this idea useful.
>>
>> This version is an initial draft and could be further enhanced based on
>> community feedback.
>>
>> Best regards,
>>
>> Salim-Amine Bou Aram
>> --
>> Openid-specs-authzen mailing list
>> Openid-specs-authzen at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>>
>
>
> --
>
>
> Alex Babeanu
> Lead Product Manager, AI Control Suite
> t. +1 604 728 8130
> e. alex.babeanu at indykite.com
> w. www.indykite.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250924/3c291987/attachment-0001.htm>
More information about the Openid-specs-authzen
mailing list