Account recovery

George Fletcher gffletch at aol.com
Thu Jan 22 17:22:28 UTC 2009


Very cool. Maybe I mis-understood Sabari's email, but I got the 
impression that Yahoo! was testing support for verified email in the 
SREG protocol and so I was wondering how that's being done. If there is 
a simple extension to use until AX 2.0 is out and we've (AOL) upgraded 
to AX from SREG, then I'm interested even if it's not 100% official.

Thanks,
George

Breno de Medeiros wrote:
>
>
> On Thu, Jan 22, 2009 at 5:25 AM, George Fletcher <gffletch at aol.com 
> <mailto:gffletch at aol.com>> wrote:
>
>     Curious as to how you pass the verified email address using SREG
>     (since the spec doesn't allow for this). Do you just assume that
>     if the RP asks for the opeid.sreg.email that the RP want's the
>     verified email address and the user has no choice about supplying
>     a different email address?
>
>     I know for me, that depending on the site I'm logging into with my
>     OpenID, I might not want to use the verified email address
>     attached to the OpenID. I tend to use different email addresses
>     for different purposes, and forcing me to use the verified email
>     address on my OpenID would "pollute" that separation I'm trying to
>     maintain:)
>
>     That said, I'm all for supporting verified email in SREG, I think
>     we just need an extension so that the RP can specify specifically
>     whether it wants a user selected email address? or the OP verified
>     email address for the user.
>
>
> That's hopefully coming in AX 2.0.
>  
>
>
>
>     Thanks,
>     George
>
>
>     Sabari Devadoss wrote:
>
>             Perhaps email is something that you have to have in order
>             to sign up
>             and access sites, but I'm not sure, again, that that's
>             true for all
>             audiences. I think more research is necessary in this
>             area, and in
>             specific applications.
>
>             Chris
>                
>
>
>         If the OP passes a verified email address via sreg or A/X then
>         the RP can store this information and use it for AR purposes
>         in cases where the user has forgotten the identifier used to
>         log into the RP.  One caveat is that the email being passed by
>         the OP should be a verified email address.   As part of the
>         sreg testing currently underway at Yahoo! we pass the Yahoo!
>         email address attached to the identifier which requires no
>         additional email verification step on the RP's part.  
>         _______________________________________________
>         user-experience mailing list
>         user-experience at openid.net <mailto:user-experience at openid.net>
>         http://openid.net/mailman/listinfo/user-experience
>
>          
>
>     _______________________________________________
>     user-experience mailing list
>     user-experience at openid.net <mailto:user-experience at openid.net>
>     http://openid.net/mailman/listinfo/user-experience
>
>
>
>
> -- 
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> ------------------------------------------------------------------------
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>   



More information about the user-experience mailing list