Posted by BPuhl on January 8, 2010

More fun in the federated cloud world. Traditionally, with EASI IDs (Email As Sign In), your user name was your email address. However, with federated IDs, we’re sending a user’s UPN as their login ID, which may or may not map to a valid email address (in many cases, it doesn’t).

So what do you do then, if you have an application where a user can invite another person to access a resource? This is pretty common: I want to share a file on my SkyDrive, so I allow foo@foobar.com access to the file. That also triggers a mail to foo@foobar.com inviting them to sign up for a new Live ID if they don’t have one already; if they do have one, they can log in with it and access the file.

Unfortunately now, the person ACL’ing the file knows the user’s email address, but NOT their login name.

The answer will likely be some form of “click here” key in the invitation which will allow the application to associate an email address with an ID, but because this hasn’t been required in the past, it’s going to take some time for applications to adjust.
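
One way such a “click here” key could work, as an added sketch that is not code from this post or from any Live ID service: the application mails a random single-use key to the invited address and, when a signed-in user redeems it, writes that user’s login ID into the ACL. The class, method and resource names and the UPN `jdoe@corp.example` are constructed for illustration.

```python
import hashlib
import secrets
import time

INVITE_TTL = 7 * 24 * 3600  # assumed invitation lifetime (7 days)


class InvitationService:
    """Hypothetical app-side store: shares start keyed by e-mail, end keyed by login ID."""

    def __init__(self):
        self.pending = {}         # sha256(key) -> (resource, invited e-mail, expiry)
        self.acl = {}             # resource -> set of login IDs (UPNs)
        self.email_to_login = {}  # associations learned at redemption

    @staticmethod
    def _digest(key):
        # Store only a hash so a leaked table does not yield usable keys.
        return hashlib.sha256(key.encode()).hexdigest()

    def invite(self, resource, email, now=None):
        """Owner knows only the e-mail address; the returned key goes in the mail."""
        now = time.time() if now is None else now
        key = secrets.token_urlsafe(32)
        self.pending[self._digest(key)] = (resource, email.lower(), now + INVITE_TTL)
        return key

    def redeem(self, key, login_id, now=None):
        """Run after sign-in. login_id must come from the validated sign-in token, never from request parameters."""
        now = time.time() if now is None else now
        entry = self.pending.pop(self._digest(key), None)  # single use
        if entry is None:
            return None
        resource, email, expires_at = entry
        if now > expires_at:
            return None
        self.acl.setdefault(resource, set()).add(login_id)
        self.email_to_login[email] = login_id
        return resource

    def can_access(self, resource, login_id):
        return login_id in self.acl.get(resource, set())


if __name__ == "__main__":
    svc = InvitationService()
    key = svc.invite("file-1", "foo@foobar.com")
    print(svc.redeem(key, "jdoe@corp.example"))  # constructed UPN
    print(svc.can_access("file-1", "jdoe@corp.example"))
```

The key is a bearer credential: whoever clicks it first gets bound to the resource, so a forwarded invitation forwards the access. Single use and expiry limit that window but do not remove it.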


