Messages 2.5 - Clarify that email_verified rules are context specific
Issue #797
resolved
Mark Wahl was asking what the verification rules are for email_verified. We should explicitly state that the meaning of email_verified is dependent upon the trust framework or other context in which it is used. I suggest adding the following:
The means by which an e-mail address must be verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
Comments (5)
-
-
reporter
-
assigned issue to
Michael Jones
We will add this clarification.
-
assigned issue to
-
reporter
We can say that this typically means that the OP has taken steps to ensure that this is an e-mail address owned by the user.
-
"OpenID Provider has taken an affirmative steps to insure that the email identifier was under the control of the user at the time of the verification. "
Put note on how it is typically used.
-
reporter
- changed status to resolved
Fixed
#797- Clarified the intended semantics of e-mail verification and that the precise verification rules are context-specific.→ <<cset 3aab3c3b9efe>>
- Log in to comment
- Assignee
- Type
- Priority
- Status
- resolved
- Component
- Messages
- Milestone
- Implementer's Draft
- Version
- –
- Votes
- 0
- Watchers
- 0
OK