<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Is the plan to ensure that whatever mechanism is defined to express
'verified' for an email address will be applicable for other
attributes, e.g. birth date etc<br>
<br>
Paul<br>
<br>
Brian Kissel wrote:
<blockquote
cite="mid:419E40647338514BBA4F8031282090AE1D5909E830@VMBX107.ihostexchange.net"
type="cite">
<pre wrap="">+1. As Allen has said before, and many RPs have confirmed, a verified email address with the attributes he's recommending allow RPs to remove a very problematic step in their workflow where the user has to get an email from the RP then click on it to "verify" the address before enabling an account. There are non-trivial registration losses in this workflow when those verification emails go to spam folders or users just forget to click the link. Delivering a verified email let's RPs register a user in real time eliminating this step in the workflow. This gets higher registrations and instantaneous access and gratification to the user.
Cheers,
Brian
___________
Brian Kissel
CEO, JanRain - WebID and Social Publishing for User Engagement
Email: <a class="moz-txt-link-abbreviated" href="mailto:bkissel@janrain.com">bkissel@janrain.com</a> Cell: 503.866.4424 Fax: 503.296.5502
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a> [<a class="moz-txt-link-freetext" href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>] On Behalf Of Joseph A Holsten
Sent: Tuesday, December 08, 2009 1:57 AM
To: Allen Tom
Cc: <a class="moz-txt-link-abbreviated" href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a>
Subject: Re: Yahoo available AX attrs
I understand the desire to say that the email is verified, but it
strikes me as a bit like the urgent priority field in email. "No email
provided" vs "This is the user's email" vs "This is Really the User's
Email and I Mean It". Unless it means "This is the user's email, I've
done due diligence, and you can hold me legally liable." Everything
else boils down to understanding what the OP means when they make an
assertion.
If you really want a verified flag/timestamp/zero-knowledge-proof,
perhaps you have a better idea about the interaction flow when things
aren't verified to 100% certainty. Would the OP require the user to
verify their email before allowing them to authenticate? Leave it up
to the RP to verify? What if the OP says they're certain but the RP
doesn't actually trust them? What happens when the OP says they've
verified, but not 100% certain? Do you expect different RPs to make
different decisions in these circumstances? How would they choose?
I'm assuming we're not talking about RPs that have a significant
legal / medical / financial interest in accurate assertions, because
that's legal liability / consent / know your customer and you'll need
more than a timestamp+i-mean-it for that.
--
j
On Dec 7, 2009, at 10:36 PM, Allen Tom wrote:
</pre>
<blockquote type="cite">
<pre wrap="">I'd recommend using a timestamp indicating when it was last
verified, with a special value to indicate that the OP is also the
email provider and has 100% certainty. (perhaps just setting the
verification time==now is sufficient)
Allen
On 12/7/09 8:29 PM, "Chris Messina" <a class="moz-txt-link-rfc2396E" href="mailto:chris.messina@gmail.com"><chris.messina@gmail.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Sounds like something to add to PoCo... perhaps something as simple
as a "verified" boolean added to email addresses?
<a class="moz-txt-link-freetext" href="http://portablecontacts.net/draft-schema.html#anchor4">http://portablecontacts.net/draft-schema.html#anchor4</a>
Chris
On Mon, Dec 7, 2009 at 8:25 PM, Brian Kissel <a class="moz-txt-link-rfc2396E" href="mailto:bkissel@janrain.com"><bkissel@janrain.com></a>
wrote:
</pre>
<blockquote type="cite">
<pre wrap="">+1 on email address metadata, many RPs definitely want this.
Cheers,
Brian
___________
Brian Kissel
CEO, JanRain - WebID and Social Publishing for User Engagement
Email: <a class="moz-txt-link-abbreviated" href="mailto:bkissel@janrain.com">bkissel@janrain.com</a> Cell: 503.866.4424 Fax:
503.296.5502
-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:openid-specs-bounces@lists.openid.net">openid-specs-bounces@lists.openid.net</a> [<a class="moz-txt-link-freetext" href="mailto:openid-specs-bounces@lists.openid.net">mailto:openid-specs-bounces@lists.openid.net</a>
] On Behalf Of Allen Tom
Sent: Monday, December 07, 2009 7:46 PM
To: Peter Watkins; Chris Obdam; <a class="moz-txt-link-abbreviated" href="mailto:openid-specs@lists.openid.net">openid-specs@lists.openid.net</a>
Subject: Re: Yahoo available AX attrs
Oops - I clicked send too early.
The bad UX with AX is the security warning that most browsers
display when
POSTing a form from HTTPS to HTTP, which is the case when the
Yahoo OP
returns a lot of attributes. AX attribute names are excessively
long, so
it's very likely that using different attribute names for first/
last/middle
name will cause the response to be returned via POST. (2KB is the
cutoff
point)
With regards to email address - unless we're 100% sure about the
email
address, we'd like to return metadata about the email address.
Specifically,
we'd like to indicate whether or not the email address was
verified, and if
so, when it was verified. This is definitely something that we'd
like to get
in to AX 2.0.
Allen
On 12/7/09 7:39 PM, "Allen Tom" <a class="moz-txt-link-rfc2396E" href="mailto:atom@yahoo-inc.com"><atom@yahoo-inc.com></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">It definitely makes sense to use different attributes for
</pre>
</blockquote>
<pre wrap="">givennanme/surname
</pre>
<blockquote type="cite">
<pre wrap="">so that RPs don't have to parse the string, and a few other RPs
</pre>
</blockquote>
<pre wrap="">have also
</pre>
<blockquote type="cite">
<pre wrap="">asked for it. Our initial goal for our AX implementation was
</pre>
</blockquote>
<pre wrap="">just to match
</pre>
<blockquote type="cite">
<pre wrap="">SREG, and SREG only has a single openid.sreg.fullname attribute.
We'll add support for separate first/last/middle/suffix
</pre>
</blockquote>
<pre wrap="">attributes in a
</pre>
<blockquote type="cite">
<pre wrap="">followup release - probably early next year. I do hope that
</pre>
</blockquote>
<pre wrap="">we're able to
</pre>
<blockquote type="cite">
<pre wrap="">standardize the attribute names, and also keep them short and
</pre>
</blockquote>
<pre wrap="">compact. If you
</pre>
<blockquote type="cite">
<pre wrap="">ask for all our supported attributes, the response will exceed
</pre>
</blockquote>
<pre wrap="">2KB, which
</pre>
<blockquote type="cite">
<pre wrap="">requires that the response is returned via POST, causing a
</pre>
</blockquote>
<pre wrap="">really bad UX.
</pre>
<blockquote type="cite">
<pre wrap="">With regards to email address - we'd like to be able to return
</pre>
</blockquote>
<pre wrap="">metadata about
</pre>
<blockquote type="cite">
<pre wrap="">the email address w
On 12/7/09 7:25 AM, "Peter Watkins" <a class="moz-txt-link-rfc2396E" href="mailto:peterw@tux.org"><peterw@tux.org></a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">On Mon, Dec 07, 2009 at 09:16:46AM +0100, Chris Obdam wrote:
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Chris (Obdam) - which additional attributes would you like
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">to see
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">available? The attributes that we'll be adding early next
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">year will include
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Yahoo Profile URL and account creation date. A bunch of
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">people have asked
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">for Flickr Photos URL and Upcoming Profile URL, so we'll
</pre>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">probably get
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">around
to adding those too.
</pre>
</blockquote>
<pre wrap="">I would like to access every attr specified in de AXschema? :-)
In my Yahoo profile i have provided my address (home and
</pre>
</blockquote>
</blockquote>
</blockquote>
<pre wrap="">work). I would like
</pre>
<blockquote type="cite">
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">to use those in a sign form somewhere else.
Same goes for my phone numbers.
</pre>
</blockquote>
<pre wrap="">So would I. One of the simpler goals of our Single Sign On is
</pre>
</blockquote>
</blockquote>
<pre wrap="">prepopulating
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">form fields; having postal address and phone number would be a
</pre>
</blockquote>
</blockquote>
<pre wrap="">help.
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">I'd also like to see First and Last names available as separate
</pre>
</blockquote>
</blockquote>
<pre wrap="">attributes,
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">otherwise we're trying to intelligently split both "Mary Jane
</pre>
</blockquote>
</blockquote>
<pre wrap="">Parker" and
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">"Malcom Mac Murray".
Also I would prefer that you give us the user's *primary* email
</pre>
</blockquote>
</blockquote>
<pre wrap="">address. In
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">my Yahoo profile, my Yahoo email address is flagged as "Share
</pre>
</blockquote>
</blockquote>
<pre wrap="">with no one"
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">and I have a different email address flagged as primary, but
</pre>
</blockquote>
</blockquote>
<pre wrap="">your AX sends
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">my yahoo email address. That's bad from usability in part
</pre>
</blockquote>
</blockquote>
<pre wrap="">because I very,
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">very seldom check my Yahoo email inbox.
The Yahoo website attribute would also be nice to have; as we
</pre>
</blockquote>
</blockquote>
<pre wrap="">start
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">building more "social" features on our sites, it would be nice
</pre>
</blockquote>
</blockquote>
<pre wrap="">to make
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">it easier for our users to share links to their primary web
</pre>
</blockquote>
</blockquote>
<pre wrap="">presences,
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">although I can understand if Yahoo management prefers to only
</pre>
</blockquote>
</blockquote>
<pre wrap="">expose the
</pre>
<blockquote type="cite">
<blockquote type="cite">
<pre wrap="">Profile URL for business reasons.
Thanks,
Peter
</pre>
</blockquote>
</blockquote>
<pre wrap="">_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
_______________________________________________
specs mailing list
<a class="moz-txt-link-abbreviated" href="mailto:specs@lists.openid.net">specs@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs">http://lists.openid.net/mailman/listinfo/openid-specs</a>
</pre>
</blockquote>
</body>
</html>