atom at yahoo-inc.com
Fri Jan 23 03:19:40 UTC 2009
That makes a lot of sense to me.
Martin Atkins wrote:
> Allen Tom wrote:
>> It would be great if there was a way for an RP to discover if the
>> user's OP is authoritative for the user's email address.
> I still think that using the email address *as* the OpenID identifier
> is the best way to achieve this. A prerequisite of that is to somehow
> support discovery on the email address which allows you to determine
> which OpenID provider is authoritative for it.
> In Yahoo's case where directed identity is used I would expect this to
> manifest as a directed identity response with the identity set to
> mailto:username at yahoo.com, at which point the RP would do discovery on
> that email address (using a mechanism still to be determined) and find
> that the OP is indeed allowed to make assertions for that email
> address, just as we do for HTTP URLs today.
> user-experience mailing list
> user-experience at openid.net
More information about the user-experience