gffletch at aol.com
Thu Jan 22 13:25:16 UTC 2009
Curious as to how you pass the verified email address using SREG (since
the spec doesn't allow for this). Do you just assume that if the RP asks
for the openid.sreg.email that the RP wants the verified email address
and the user has no choice about supplying a different email address?
I know for me, that depending on the site I'm logging into with my
OpenID, I might not want to use the verified email address attached to
the OpenID. I tend to use different email addresses for different
purposes, and forcing me to use the verified email address on my OpenID
would "pollute" that separation I'm trying to maintain :)
That said, I'm all for supporting verified email in SREG, I think we
just need an extension so that the RP can specify specifically whether
it wants a user-selected email address or the OP-verified email address
for the user.
Sabari Devadoss wrote:
>> Perhaps email is something that you have to have in order to sign up
>> and access sites, but I'm not sure, again, that that's true for all
>> audiences. I think more research is necessary in this area, and in
>> specific applications.
> If the OP passes a verified email address via sreg or A/X then the RP can store this information and use it for AR purposes in cases where the user has forgotten the identifier used to log into the RP. One caveat is that the email being passed by the OP should be a verified email address. As part of the sreg testing currently underway at Yahoo! we pass the Yahoo! email address attached to the identifier which requires no additional email verification step on the RP's part.