Account recovery
George Fletcher
gffletch at aol.com
Thu Jan 22 17:22:28 UTC 2009
Very cool. Maybe I mis-understood Sabari's email, but I got the
impression that Yahoo! was testing support for verified email in the
SREG protocol and so I was wondering how that's being done. If there is
a simple extension to use until AX 2.0 is out and we've (AOL) upgraded
to AX from SREG, then I'm interested even if it's not 100% official.
Thanks,
George
Breno de Medeiros wrote:
>
>
> On Thu, Jan 22, 2009 at 5:25 AM, George Fletcher <gffletch at aol.com
> <mailto:gffletch at aol.com>> wrote:
>
> Curious as to how you pass the verified email address using SREG
> (since the spec doesn't allow for this). Do you just assume that
> if the RP asks for the opeid.sreg.email that the RP want's the
> verified email address and the user has no choice about supplying
> a different email address?
>
> I know for me, that depending on the site I'm logging into with my
> OpenID, I might not want to use the verified email address
> attached to the OpenID. I tend to use different email addresses
> for different purposes, and forcing me to use the verified email
> address on my OpenID would "pollute" that separation I'm trying to
> maintain:)
>
> That said, I'm all for supporting verified email in SREG, I think
> we just need an extension so that the RP can specify specifically
> whether it wants a user selected email address? or the OP verified
> email address for the user.
>
>
> That's hopefully coming in AX 2.0.
>
>
>
>
> Thanks,
> George
>
>
> Sabari Devadoss wrote:
>
> Perhaps email is something that you have to have in order
> to sign up
> and access sites, but I'm not sure, again, that that's
> true for all
> audiences. I think more research is necessary in this
> area, and in
> specific applications.
>
> Chris
>
>
>
> If the OP passes a verified email address via sreg or A/X then
> the RP can store this information and use it for AR purposes
> in cases where the user has forgotten the identifier used to
> log into the RP. One caveat is that the email being passed by
> the OP should be a verified email address. As part of the
> sreg testing currently underway at Yahoo! we pass the Yahoo!
> email address attached to the identifier which requires no
> additional email verification step on the RP's part.
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net <mailto:user-experience at openid.net>
> http://openid.net/mailman/listinfo/user-experience
>
>
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net <mailto:user-experience at openid.net>
> http://openid.net/mailman/listinfo/user-experience
>
>
>
>
> --
> --Breno
>
> +1 (650) 214-1007 desk
> +1 (408) 212-0135 (Grand Central)
> MTV-41-3 : 383-A
> PST (GMT-8) / PDT(GMT-7)
> ------------------------------------------------------------------------
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
>
More information about the user-experience
mailing list