2
edits
Changes
Can use OpenID SREG for email exchange
** Currently still using email. Might work on using in conjunction with [https://bugzilla.mozilla.org/show_bug.cgi?id=218917 Myk Melez's patch for arbitrary BZ names], but want to get something working first.
* Should email verification process still occur?
** There doesn't appear to be any way around it, as there's no way to query an OpenID server for an email address. That may mean that [http://lid.netmesh.org/ LID] or FOAF is also needed to make this work in a way that doesn't require an email verification ping-pong. (Take a look at [http://openid.net/specs/openid-simple-registration-extension-1_0.html OpenID Simple Registration Extension], it will do what you want and is supported by many IdPs). Current version must be used in tandem with DB.
* Should a confirm hash style verification (ala Mailman or GForge) be created, as opposed to mailing a password to the user
** Awaiting fix for [https://bugzilla.mozilla.org/show_bug.cgi?id=87795 Bugzilla Bug 87795 Creating an account should send token and wait for confirmation (prevent user account abuse)]
