Account recovery

Cornelius Schumacher cschum at suse.de
Thu Jan 22 13:24:46 UTC 2009


On Thursday 22 January 2009, Sabari Devadoss wrote:
>
> If the OP passes a verified email address via sreg or A/X then the RP can
> store this information and use it for AR purposes in cases where the user
> has forgotten the identifier used to log into the RP.  One caveat is that
> the email being passed by the OP should be a verified email address.   As
> part of the sreg testing currently underway at Yahoo! we pass the Yahoo!
> email address attached to the identifier which requires no additional email
> verification step on the RP's part.

Is there a way to find out, if the passed email address is verified and maybe 
even what level of verification is done?

-- 
Cornelius Schumacher <cschum at suse.de>



More information about the user-experience mailing list