[Openid-specs-risc] Should we handle indirect relationships?
George Fletcher
gffletch at aol.com
Tue Nov 22 17:50:52 UTC 2016
Hi,
Given that at AOL we are a relying party to Google, Facebook, Yahoo,
Twitter, LinkedIn, etc. ... when a user logs in via Facebook with an
email address of *@gmail.com, should AOL subscribe at both Facebook and
Google? or just Facebook?
This is similar to the enterprise case we talked about in the F2F. In
that case it was someone logging in via Google with an identity that is
not authenticated by Google but rather by the owning enterprise domain.
Thoughts?
Thanks,
George
More information about the Openid-specs-risc
mailing list