Account recovery
Allen Tom
atom at yahoo-inc.com
Fri Jan 23 03:19:40 UTC 2009
That makes a lot of sense to me.
Allen
Martin Atkins wrote:
> Allen Tom wrote:
>
>> It would be great if there was a way for an RP to discover if the
>> user's OP is authoritative for the user's email address.
>>
>
> I still think that using the email address *as* the OpenID identifier
> is the best way to achieve this. A prerequisite of that is to somehow
> support discovery on the email address which allows you to determine
> which OpenID provider is authoritative for it.
>
> In Yahoo's case where directed identity is used I would expect this to
> manifest as a directed identity response with the identity set to
> mailto:username at yahoo.com, at which point the RP would do discovery on
> that email address (using a mechanism still to be determined) and find
> that the OP is indeed allowed to make assertions for that email
> address, just as we do for HTTP URLs today.
>
> _______________________________________________
> user-experience mailing list
> user-experience at openid.net
> http://openid.net/mailman/listinfo/user-experience
More information about the user-experience
mailing list