Reliance on AX Email address
Julian Bond
julian_bond at voidstar.com
Fri Jul 20 02:58:24 PDT 2007
Simon Willison <simon at simonwillison.net> Thu, 19 Jul 2007 09:21:29
>On 7/19/07, Julian Bond <julian_bond at voidstar.com> wrote:
>> If an OpenID Consumer receives an email address in Attribute Exchange,
>> how much reliance can be placed on that email address actually being
>> real?
>
>None at all.

This is kind of obvious. (doh!) Which is why I said "Is it common... for
OpenID Servers to validate email addresses before passing them on."

So perhaps the real question here is whether it should become a
convention and recommendation to people running OpenID servers that they
should do that. Or perhaps a value added service they could offer to
differentiate themselves. So as a Consumer *if* I get a full set of
Attributes from MyValidatedOpenId.com I could rely on them. But if they
come from AnyOldOtherOpenID.com I'd just go through the normal signup
process.

The reasoning behind this is questioning to what extent I can streamline
the signup process for a real world App using OpenID. If I don't need
any validation at all, then I can have a zero signup like
twitterfeed.com or Twitterwhere.com. But most real world apps need to
know it's a real email address (for later spam marketing!) so your
advice to just pre-fill the normal signup form and continue the normal
signup process is well taken.
--
Julian Bond E&MSN: julian_bond at voidstar.com M: +44 (0)77 5907 2173
Webmaster: http://www.ecademy.com/ T: +44 (0)192 0412 433
Personal WebLog: http://www.voidstar.com/ skype:julian.bond?chat
*** Just Say No To DRM ***
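
The consumer-side decision discussed in this message, as an added example that is not part of the original post or of any OpenID library. It assumes the positive assertion's signature has already been verified; the provider list, function names and sample fields are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit

AX_NS = "http://openid.net/srv/ax/1.0"
AX_EMAIL = "http://axschema.org/contact/email"
# Assumption: hosts of providers this consumer has decided to believe when
# they pass on an e-mail address (host name borrowed from the message above).
VALIDATING_PROVIDERS = {"myvalidatedopenid.com"}

def ax_email(params):
    """Return the AX e-mail value only if its fields are listed in openid.signed."""
    signed = set(params.get("openid.signed", "").split(","))
    # The AX namespace alias is chosen by the provider, so look it up.
    ax = next((k[len("openid.ns."):] for k, v in params.items()
               if k.startswith("openid.ns.") and v == AX_NS), None)
    if ax is None:
        return None
    type_prefix = "openid.%s.type." % ax
    for key, value in params.items():
        if key.startswith(type_prefix) and value == AX_EMAIL:
            alias = key[len(type_prefix):]
            fields = ["ns.%s" % ax, "%s.type.%s" % (ax, alias),
                      "%s.value.%s" % (ax, alias)]
            if not all(f in signed for f in fields):
                return None  # unsigned attribute: not vouched for by the provider
            return params.get("openid." + fields[2])
    return None

def signup_decision(params):
    """Decide how far the signup form can be skipped for this assertion."""
    email = ax_email(params)
    host = (urlsplit(params.get("openid.op_endpoint", "")).hostname or "").lower()
    if email and host in VALIDATING_PROVIDERS:
        return ("accept", email)
    # Any other provider: pre-fill the form and confirm the address ourselves.
    return ("prefill_and_confirm", email)

def sample_assertion(endpoint,
                     signed="op_endpoint,ns.ext1,ext1.mode,ext1.type.mail,ext1.value.mail"):
    """Constructed response fields for illustration; not captured traffic."""
    return {"openid.op_endpoint": endpoint, "openid.signed": signed,
            "openid.ns.ext1": AX_NS, "openid.ext1.mode": "fetch_response",
            "openid.ext1.type.mail": AX_EMAIL,
            "openid.ext1.value.mail": "user@example.org"}
```

Even for a listed provider, the address is only as good as that provider's own validation process, which the consumer cannot observe from the response.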