[OpenID] OpenID Registration Scenario

Immad Akhund i.akhund at gmail.com
Wed Jul 11 20:06:15 UTC 2007 

>
> As to a local password, I would instead just use email as an account
> retrieval mechanism if needed.



Assuming they have lost control of their previous openid; after they receive
the account retrieval email wouldn't it make sense for them to setup a
username/password to retrieve their account or would you think they should
have a second openid ready to associate their account to?

I personally think using a local fallback in the form of an optional
username/password makes sense. But it's really up to the RP and its needs.
Having a "captiveOpenID" doesn't make sense as a solution to this scenario
since they would have to authorize that with a username/password anyway (I
may be missing the meaning of captiveOpenID).

Immad


On 11/07/07, Recordon, David <drecordon at verisign.com> wrote:
>
>  Hey John,
> I think some sort of local display name is certainly desired in many
> cases.  It should however be easy to then find their OpenID identifier from
> their profile page for example.
>
> As to a local password, I would instead just use email as an account
> retrieval mechanism if needed.
>
> --David
>
>
>
>  -----Original Message-----
> From:   John Wang [mailto:jwanggroups at gmail.com <jwanggroups at gmail.com>]
> Sent:   Tuesday, July 10, 2007 09:21 PM Pacific Standard Time
> To:     OpenID - General
> Subject:        [OpenID] OpenID Registration Scenario
>
> For a site that does not have sensitive information but does have an
> online
> identity aspect where there will be a lot of information associated with
> user's online identity on the site over time, does it make sense to have
> OpenID users also create a local username/password?
>
> I think it makes some sense to have a username since a user can have
> multiple OpenIDs associated with one online identity. Additionally a
> username will be more user-friendly to see on various pages. The username
> is
> associated with a unique online identity for the site while the OpenID is
> just an authentication method.
>
> As for a local password, it seems to make for a better user experience to
> have a fallback incase the user's OpenID OP auth server becomes
> unavailable
> for whatever reason. This way the user can use OpenID when they want but
> if
> it ever becomes unavailable, they still have access to their online
> identity. From a community site perspective, it seems to make sense to
> give
> the user a fallback auth mechanism controller by the site instead of
> forcing
> the user to rectify the situation with their OP in case there's an issue
> there.
>
> From the above, I'm thinking that it would make sense to have the user
> register an account by creating a username/password or
> username/captiveOpenID controlled by the site and then let the user
> attach/associate OpenIDs to those accounts. The other question here is
> whether one OpenID can only be attached to a single site account or
> whether
> the user should be allowed to use the same OpenID for multiple site
> accounts. The latter seems more flexible and user-friendly.
>
> What do you think of the above and what are sites doing today with respect
> to OpenID and local auth methods?
>
> John
>
> --
> John Wang
> http://www.dev411.com/blog/
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070711/5821c967/attachment-0002.htm>

More information about the general mailing list