[OpenID] Relying Party Best Practices

Martin Atkins mart at degeneration.co.uk
Fri Mar 9 19:24:10 UTC 2007


Karl Anderson wrote:
> 
> That's a good point, but it contradicts the Would Be Nice practice of
> allowing users to change their identifier.   I think that's more
> important - remember, users should be able to preserve their identity
> if they switch providers.
> 

Users should be able to preserve their *accounts* if they change 
identifiers, but they can't preserve their "reputation". Just as if I 
change my name by deed poll lots of my existing relationships will 
become invalid, changing my OpenID identifier necessarily damages my 
existing relationships and reputation.

Currently the "solution" to this problem is sites like ClaimID which 
allow people to draw together all of their identifiers and other contact 
points. Anyone who trusts ClaimID can use it to verify that indeed I'm 
both =mart and mart.degeneration.co.uk if I tell them my 
ClaimID-provided identifier.





More information about the general mailing list