Account recovery

Allen Tom atom at
Fri Jan 23 03:19:40 UTC 2009

That makes a lot of sense to me.


Martin Atkins wrote:
> Allen Tom wrote:
>> It would be great if there was a way for an RP to discover if the 
>> user's OP is authoritative for the user's email address.
> I still think that using the email address *as* the OpenID identifier 
> is the best way to achieve this. A prerequisite of that is to somehow 
> support discovery on the email address which allows you to determine 
> which OpenID provider is authoritative for it.
> In Yahoo's case where directed identity is used I would expect this to 
> manifest as a directed identity response with the identity set to 
> mailto:username at, at which point the RP would do discovery on 
> that email address (using a mechanism still to be determined) and find 
> that the OP is indeed allowed to make assertions for that email 
> address, just as we do for HTTP URLs today.
> _______________________________________________
> user-experience mailing list
> user-experience at

More information about the user-experience mailing list