If the OP allows the user to specify an email address without confirming it, the RP should know that - and then do their own confirmation if that email address is being used, say, for sending a receipt after a purchase, or for recovering an account if a user forgets their OpenID (which happens more than you'd imagine).
Or identity correlation - "Hi there, '[email protected]'. Our list subscriptions are indexed by E-mail address, which is a reasonably unique identifier in the E-mail namespace, so would you like to see the archives of any list you are currently subscribed to?".
-Shade _______________________________________________ specs mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-specs
