BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Sabre//Sabre VObject 4.5.8//EN CALSCALE:GREGORIAN LAST-MODIFIED:20260219T071154Z BEGIN:VTIMEZONE TZID:Asia/Tokyo X-MICROSOFT-CDO-TZID:20 BEGIN:STANDARD DTSTART:20241116T233000 TZOFFSETFROM:+0900 TZOFFSETTO:+0900 TZNAME:JST END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:9d36f30a-3f6f-4e82-b7b2-1c88546e57e5 DTSTAMP:20260219T071154Z SUMMARY:Email Verification Protocol DTSTART;TZID=Asia/Tokyo:20251112T083000 DTEND;TZID=Asia/Tokyo:20251112T093000 DESCRIPTION:https://www.w3.org/events/meetings/9d36f30a-3f6f-4e82-b7b2-1c88 546e57e5/\n\nVerifying control of an email address is a frequent activity on the web today and is used both to prove the user has provided a valid e mail address\, and as a means of authenticating the user when returning to an application.\n\nVerification is performed by either:\n\n- Sending the user a link they click on or a verification code. This requires the user t o switch from the application they are using to their email address and ha ving to wait for the email arrive\, and then perform the verification acti on. This friction often causes drop off in users completing the task. Ther e are privacy implications as the email transmission informs the mail serv ice the applications the user is using and when they used them.\n- The use r logs in with a social login provider such as Apple or Google that provid e a verified email address. This requires the application to have set up a relationship with each social provider\, and the user to be using one of those services and wanting to share the additional profile information tha t is also provided in the OpenID Connect flow.\n\nThe Email Verification P rotocol enables a web application to obtain a verified email address witho ut sending an email\, and without the user leaving the web page they are o n. To enable the functionality\, the mail domain delegates email verificat ion to an issuer that has authentication cookies for the user. When the us er provides an email to the HTML form field\, the browser calls the issuer passing authentication cookies\, the issuer returns a token\, which the b rowser verifies and updates and provides to the web application. The web a pplication then verifies the token and has a verified email address for th e user.\n\nUser privacy is enhanced as the issuer does not learn which web application is making the request as the request is mediated by the brows er.\n\nhttps://github.com/WICG/email-verification-protocol\n\n**Goal(s):** \nShare an early exploration and make an invitation to developers and brow ser engines to participate\n\nAgenda\n\n- Introduction to the Problem\n- I ntroduction to the Proposal\n- Open Discussion\n\n**Materials:**\n- [Sessi on proposal on GitHub](https://github.com/w3c/tpac2025-breakouts/issues/77 ) STATUS:CONFIRMED CREATED:20251028T131725Z LAST-MODIFIED:20260219T071154Z SEQUENCE:3 ORGANIZER;CN=W3C Calendar;PARTSTAT=ACCEPTED;ROLE=NON-PARTICIPANT:mailto:nor eply@w3.org LOCATION:Floor 5 - 504 CATEGORIES:TPAC 2025,Breakout Sessions END:VEVENT END:VCALENDAR