Account recovery

Allen Tom atom at yahoo-inc.com
Fri Jan 23 03:19:40 UTC 2009


That makes a lot of sense to me.

Allen


Martin Atkins wrote:
> Allen Tom wrote:
>
>> It would be great if there was a way for an RP to discover if the 
>> user's OP is authoritative for the user's email address.
>>
>
> I still think that using the email address *as* the OpenID identifier 
> is the best way to achieve this. A prerequisite of that is to somehow 
> support discovery on the email address which allows you to determine 
> which OpenID provider is authoritative for it.
>
> In Yahoo's case where directed identity is used I would expect this to 
> manifest as a directed identity response with the identity set to 
> mailto:username@yahoo.com, at which point the RP would do discovery on 
> that email address (using a mechanism still to be determined) and find 
> that the OP is indeed allowed to make assertions for that email 
> address, just as we do for HTTP URLs today.
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience



