Security is based on the authenticity of elements in BRM3, which contains a signature element
Smartsheet identifies a user by "openid.ext1.value.email"
in BRM3, so the key question is whether "openid.ext1.value.email"
can be overwritten by the attacker.
openid.ext1.type.email (type.email in short) in BRM1 determines what value value.email in BRM3 will return. If type.email is "http://schema.openid.net/contact/email", then value.email will contain the user's email. If type.email is "http://axschema.org/namePerson/first",
then value.email contains the user's first name.