[OpenID] Dual_Auth
Paul Tanner
paul at virtual-techno.com
Wed Apr 18 06:58:24 UTC 2007
I guess that there will be a lot of implementations that support
traditional and OpenID auth simultaneously.
We've been working on one (for intranets) just so we can properly
evaluate the usability aspects.
We decided (for the moment) to create a separate entry point for each
one (OpenID being the new default). At each of the two prompts there
will be a link to switch to the other and a link to a page that
explains why we have two and why the future is OpenID.
Of course the two systems must resolve to one set of user IDs
internally to avoid changes throughout the application. At the
moment we intend to do that with an extra field in the user accounts
database that will hold the OpenID. The alternative is to reuse the
username field. The two methods result in the same cookie that
grants access according to the account's prearranged rights.
Switching to OpenID will be done by entering that in the MyAccount
page - a similar step to changing a password in the old world.
At 20:00 17/04/2007, you wrote:
>I just ran across http://openid.net/wiki/index.php/Dual_Auth and I think
>that the third bullet point in the behaviour:
> * "If none are blank, log in using both methods, associating the OpenID
> with the user."
>is not really intuitive at all. I agree that there should be a way to
>associate existing accounts with an OpenID, but I think it should be a
>second step.
Paul Tanner - Virtual Technologies - http://www.virtual-techno.com
Tel: +44 1494 581979 Mob: +44 7973 223239 mailto:paul at virtual-techno.com
More information about the general
mailing list