1 comment

[ 2.8 ms ] story [ 14.5 ms ] thread
"We don't check that the user is authoritative for an email address, some thought needs to go into how we prove a user has access to an email address in a federated system."

Ideas?