Re: [apps-discuss] What auth server supplies email addresses? Was webfinger discussion

Get an email address from what ID?  A Webfinger "acct" URI?

Paul

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org]
> On Behalf Of Alessandro Vesely
> Sent: Wednesday, March 28, 2012 7:28 AM
> To: apps-discuss@ietf.org
> Subject: [apps-discuss] What auth server supplies email addresses? Was
> webfinger discussion
> 
> I reproach myself for having missed the Internet Society Panel on OpenID
> and OAuth yesterday morning.  I'll try and find the recording.  Meanwhile,
> does someone know if there is a way to get an email address from an id?
> 
> On Wed 28/Mar/2012 12:40:20 +0200 James M Snell wrote:
> >
> >   If I want to know about user "bob@example.org", send a GET request to:
> >   http://example.org/.well-known/finger/{md5(acct:bob@example.org)} and
> >   see what I get back.
> 
> That implies the address is known.  Couldn't one use just
> 
>    http://example.org/.well-known/finger/{opaque-token}
> 
> and, possibly,
> 
>    http://example.org/.well-known/finger/{opaque-token}/email-addr?
> 
> The idea is that the relevant user, well, Bob in this case, can be logged
> in more or less at the same time as he triggered an automatic query of
> that url.
> For example, he might be buying a DVD at Amazon's.  Bob's server might let
> him choose whether to supply his plain email address or any variant
> thereof, possibly offering to update Sieve scripts while it's at it.
> 
> Is perhaps SCIM, or whatever other framework, nearer to such kind of use
> cases?  It could be used as a better double-opt-in...  (Yes, I'm the one
> who asked what's the difference between Webfinger and SCIM on Monday, and
> I'm apparently still unclear on that.)
> 
> _______________________________________________
> apps-discuss mailing list
> apps-discuss@ietf.org
> https://www.ietf.org/mailman/listinfo/apps-discuss