[OpenID] Relying Party Best Practices
Martin Atkins
mart at degeneration.co.uk
Fri Mar 9 19:24:10 UTC 2007
Karl Anderson wrote:
>
> That's a good point, but it contradicts the Would Be Nice practice of
> allowing users to change their identifier. I think that's more
> important - remember, users should be able to preserve their identity
> if they switch providers.
>
Users should be able to preserve their *accounts* if they change
identifiers, but they can't preserve their "reputation". Just as if I
change my name by deed poll lots of my existing relationships will
become invalid, changing my OpenID identifier necessarily damages my
existing relationships and reputation.
Currently the "solution" to this problem is sites like ClaimID which
allow people to draw together all of their identifiers and other contact
points. Anyone who trusts ClaimID can use it to verify that indeed I'm
both =mart and mart.degeneration.co.uk if I tell them my
ClaimID-provided identifier.
More information about the general
mailing list