[OpenID] OpenID Registration Scenario

[John Wang]

For a site that does not have sensitive information but does have an online
identity aspect where there will be a lot of information associated with
user's online identity on the site over time, does it make sense to have
OpenID users also create a local username/password?

I think it makes some sense to have a username since a user can have
multiple OpenIDs associated with one online identity. Additionally a
username will be more user-friendly to see on various pages. The username is
associated with a unique online identity for the site while the OpenID is
just an authentication method.

As for a local password, it seems to make for a better user experience to
have a fallback incase the user's OpenID OP auth server becomes unavailable
for whatever reason. This way the user can use OpenID when they want but if
it ever becomes unavailable, they still have access to their online
identity. From a community site perspective, it seems to make sense to give
the user a fallback auth mechanism controller by the site instead of forcing
the user to rectify the situation with their OP in case there's an issue
there.

>From the above, I'm thinking that it would make sense to have the user
register an account by creating a username/password or
username/captiveOpenID controlled by the site and then let the user
attach/associate OpenIDs to those accounts. The other question here is
whether one OpenID can only be attached to a single site account or whether
the user should be allowed to use the same OpenID for multiple site
accounts. The latter seems more flexible and user-friendly.

What do you think of the above and what are sites doing today with respect
to OpenID and local auth methods?

John

-- 
John Wang
http://www.dev411.com/blog/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070710/f131c0c6/attachment-0001.htm>