Google As An OpenID RP

Tuesday - 5 - I Convener: Ilan Caron, Eric Sachs, Yaniv Shuba Notes-taker(s): Jacky Wang A. Tags for the session - technology discussed/ideas considered: Technology discussed / demo / google practice B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

1. Currently, Google accepts OpenID login for Blogger, Moderator, FriendConnect, Appengine, FreeMusic (in China) 2. GAIA - integrate OpenID into Google account management 3. Create Google account: "easy verification" - half of the Google accounts are created using the yahoo/aol(?) email addresses. Therefore, we'd like to verify whether the user is the guy they claim to be. 4. Hybrid onboarding - oauth plugged-in. 5. Support multiple ID provider protocols, like OpenID, Windows Live ID, and Chinese local ID providers (Renren.com, etc.) [Demo1: sync email validation]... - What kind of email addresses are considered to be trusted? Only the email provided by the same IDP. e.g.: abc@yahoo.com from Yahoo!, which is an IDP. [Demo2: federated login demo - share a Google doc to the Yahoo user] - How could user move their email, say, from yahoo to aol? The scenario is pretty complicated - it includes moving from federated domain to un-federated domain and vice versa, and federated domain to federated domain. It's an on-going effort. - What's the checklist that an IDP need to go through before Google trust them? Eric will start a new session on Wed to discuss it.