Let me respond to this directly since a number of people have brought this up:
Due to spam reasons we can't trust the email given via an OpenID provider in general. For example, it would be trivial for me to create an OpenID provider for myself, set my email address as <insert someone else's address here> and essentially spam them. By going with a service like Facebook or Google, we know (or at least assume) that they do proper email validation, so we could immediately accept this value without needing to verify it ourselves. In other words: Yes, I know there are extensions to OpenID. And no, we can't use it to get a verified email address. Michael On Sun, Sep 19, 2010 at 4:54 PM, Tim Matthews <[email protected]> wrote: > > > On Fri, Sep 17, 2010 at 6:47 PM, Michael Snoyman <[email protected]> > wrote: >> >> * OpenID. Fixes the extra password problem, but doesn't give us any >> extra information about the user (email address, etc). > > I have my open id with verisign. https://pip.verisignlabs.com/ > > Verisign doesn't give me an email address but stores info about me including > what my email address is, nickname, dob, time zone etc. In this case I have > my verisign pip store my gmail address among other things and when I signed > up for stackoverflow among a few other sites I had a page showing what my > verisign pip stores and which of those infos I would like copied to my newly > created stackoverflow account. > _______________________________________________ Haskell-Cafe mailing list [email protected] http://www.haskell.org/mailman/listinfo/haskell-cafe
