Dick Hardt wrote: > What is different with OpenID vs email is that there is certainty > that the user actually is the user. > I'm a little confused. How is there certainty that "the user actually is the user"? The viability of the identifier representing the same user is dependent on the OpenID provider not recycling identifiers. Or did you just mean that in email, authentication is not always required for someone to use an email identifier?
Note that the OpenID protocol does not prevent idp.spammers.com from allowing any identifier to be used and "authenticated" regardless of whether it's the same user or not. It is incumbent on the relying parties to determine if they will allow identifiers authenticated by a particular idp. Thanks, George _______________________________________________ specs mailing list specs@openid.net http://openid.net/mailman/listinfo/specs
