Sharded email at provisioning stage depends on RP

[davidben]

The provisioning stage mentions that the browser doesn't unveil who the RP is yet, but that the IdP already provides a sharded email ("email": "sjkld2093@gmail.com"). That email is then shown in the consent stage mock. But, short of standardizing some deterministic function to go from canonical to sharded email for the browser to compute, this value cannot actually be produced by this stage.

The sharded email can probably just be removed from the provisioning stage and left to just the real one. (I see that's in the mock, but not the sample response. Was the idea that the response contains both?) We only need the information that would be shown in the consent prompt, but showing "sjkld2093@gmail.com" in the consent prompt doesn't actually tell the user much. The sharded email is not recognizable or recitable, and the important point is that the email forwards to their real one.

For comparison, I see Apple's email hiding feature says "Hide My Email; Forward to [email]" in the prompt.

[achimschloss]

Adding to this, the sharded / directed e-mail claim feature requires clarification in general (the privacy goal is clear) (https://code.sgo.to/WebID/#directed-basic-profile)

• given RPs use e-mail addresses to communicate out-of-band with users, who is responsible for generating the addresses and proxying these messages?
• It seems hardly achievable to build a proper setup for this without the IdP supporting this type of directed e-mail natively including the e-mail proxy/forwarding features (as @davidben mentions, user won't be interested / or recognise these directed e-mails)
• making this a mandatory requirement is a really high bar in terms of effort for IDPs, more so because they might not all be e-mail service providers themselves.
• Even if the IdP would be willing to support it, it would be hard to achieve if the IdP is not also in direct control of the top-level e-mail domain (security consideration, address conflicts, ....). They could off course use a dedicated proxy domain only for that purpose, but that seems way beyond the idea of just changing a JS-side integration.
• There seems to be a lot to consider to make this happen, given the e-mail is used for a lot of scenarios specifically also account recovery etc.

[samuelgoto]

That email is then shown in the consent stage mock.

Yeah, that is a mock bug that you are right can't be achieved, unless we (a) reveal to the IdP who the RP is or (b) use a agreed upon sharding scheme.

We never got so far as implementing this feature, so I'm going to close this as a "mock bug" until we get towards a more concrete and up to date proposal on how to provide directed email addresses.

For comparison, I see Apple's email hiding feature says "Hide My Email; Forward to [email]" in the prompt.

Yeah, as you suggested, that could be a good way to go about it.

Since the mock that we were using was part of a proposal that is obsolete (e.g. no one is currently pursuing that UI), I'll close this issue until someone actually works on an active proposal to show directed email addresses.