Account recovery

Chris Messina chris.messina at gmail.com
Thu Jan 22 04:24:49 UTC 2009


On Wed, Jan 21, 2009 at 5:59 PM, Sabari Devadoss <sabari_d at yahoo.com> wrote:

>
> > Perhaps email is something that you have to have in order to sign up
> > and access sites, but I'm not sure, again, that that's true for all
> > audiences. I think more research is necessary in this area, and in
> > specific applications.
> >
> > Chris
>
> If the OP passes a verified email address via sreg or A/X then the RP can
> store this information and use it for AR purposes in cases where the user
> has forgotten the identifier used to log into the RP.  One caveat is that
> the email being passed by the OP should be a verified email address.   As
> part of the sreg testing currently underway at Yahoo! we pass the Yahoo!
> email address attached to the identifier which requires no additional email
> verification step on the RP's part.


Google also passes a verified email via AX, so if this becomes more common,
then I think it is something that RPs could become  more reliant upon.

Chris

-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate-at-Large

factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-user-experience/attachments/20090121/a334d74a/attachment-0002.htm>


More information about the user-experience mailing list