[Haskell-cafe] Unified Haskell login
Michael Snoyman
michael at snoyman.com
Sun Sep 19 11:12:36 EDT 2010
Let me respond to this directly since a number of people have brought this up:
Due to spam reasons we can't trust the email given via an OpenID
provider in general. For example, it would be trivial for me to create
an OpenID provider for myself, set my email address as <insert someone
else's address here> and essentially spam them.
By going with a service like Facebook or Google, we know (or at least
assume) that they do proper email validation, so we could immediately
accept this value without needing to verify it ourselves.
In other words: Yes, I know there are extensions to OpenID. And no, we
can't use it to get a verified email address.
Michael
On Sun, Sep 19, 2010 at 4:54 PM, Tim Matthews <tim.matthews7 at gmail.com> wrote:
>
>
> On Fri, Sep 17, 2010 at 6:47 PM, Michael Snoyman <michael at snoyman.com>
> wrote:
>>
>> * OpenID. Fixes the extra password problem, but doesn't give us any
>> extra information about the user (email address, etc).
>
> I have my open id with verisign. https://pip.verisignlabs.com/
>
> Verisign doesn't give me an email address but stores info about me including
> what my email address is, nickname, dob, time zone etc. In this case I have
> my verisign pip store my gmail address among other things and when I signed
> up for stackoverflow among a few other sites I had a page showing what my
> verisign pip stores and which of those infos I would like copied to my newly
> created stackoverflow account.
>
More information about the Haskell-Cafe
mailing list