On 4/11/07, Jon Warbrick wrote:
>
> Ironic isn't it? Users (in the mass) generally want us to simultaneously:
>
> a) preserve their privacy by not divulging personal data (like e-mail
> address)
>
> and
>
> b) make it easy to access sites that need various bits of information
> (like e-mail address)

Right, your observation nicely illustrates the natural tension between
IdP and SP in a cross-domain federated scenario. A solution is for
the SP to obtain an e-mail address from the user on its own and to
bind the e-mail address to a persistent identifier asserted by the IdP
(with the user's permission of course). This brings us back to the
notion of account linking mentioned at the beginning of this thread.

Cheers,
Tom Scavo
NCSA
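
The account linking described in the reply above, sketched from the SP side as an added example that is not part of the original thread. The table, function names, entity IDs and identifiers are all hypothetical, and the assertion is a constructed dict carrying only the issuer and a persistent identifier (the IdP releases no e-mail attribute).

```python
import sqlite3

class ConsentRequired(Exception):
    """The user has not agreed to bind an e-mail address to the identifier."""

def open_store():
    db = sqlite3.connect(":memory:")
    # A persistent identifier only has meaning together with the IdP that
    # asserted it, so the (IdP, identifier) pair is the key, never the
    # identifier alone.
    db.execute("""CREATE TABLE account_link (
        idp_entity_id TEXT NOT NULL,
        persistent_id TEXT NOT NULL,
        email         TEXT NOT NULL,
        PRIMARY KEY (idp_entity_id, persistent_id))""")
    return db

def handle_login(db, assertion):
    """Return ("linked", email) or ("needs_linking", None) for an assertion."""
    row = db.execute(
        "SELECT email FROM account_link"
        " WHERE idp_entity_id = ? AND persistent_id = ?",
        (assertion["issuer"], assertion["name_id"])).fetchone()
    return ("linked", row[0]) if row else ("needs_linking", None)

def link_account(db, assertion, email_from_user, user_consented):
    """Bind an address the SP collected itself to the asserted identifier."""
    if not user_consented:
        raise ConsentRequired("binding requires the user's permission")
    email = email_from_user.strip()
    if "@" not in email:
        raise ValueError("not an e-mail address")
    with db:  # commit on success, roll back on error
        db.execute("INSERT OR REPLACE INTO account_link VALUES (?, ?, ?)",
                   (assertion["issuer"], assertion["name_id"], email))

if __name__ == "__main__":
    db = open_store()
    # Constructed sample assertion: opaque persistent identifier, no attributes.
    a = {"issuer": "https://idp.example.edu/shibboleth", "name_id": "x7Qm2pL9"}
    print(handle_login(db, a))       # first visit: SP must ask the user
    link_account(db, a, "user@example.org", user_consented=True)
    print(handle_login(db, a))       # later visits: address comes from the SP
```

The IdP never divulges the address; on return visits the SP recovers it from its own store using only the persistent identifier.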