[OpenID] OpenID provider with gibberish identity URLs to avoid nickname change issues

Stuart Bishop stuart at stuartbishop.net
Mon May 28 13:08:51 UTC 2007


I am working on turning a webapp into an OpenID provider. One of the
features of the webapp is that the users' nicknames are changeable. We would
like nickname changes to not affect other applications we need to integrate
with, so wish to use an unchanging opaque identifier instead of the user's
nickname.

So we are thinking of having https://openid.example.com/<nickname> issue a
temporary redirect to https://openid.example.com/<opaquekey>. This way users
can use the nicer, more memorable URL but name changes will not affect the
systems we are integrating with.

Can anyone see problems with this approach? The only issue I'm aware of is
that the identity URL will look like gibberish on sites that choose to
display it.

I am also toying with the idea of, instead of having a single identity URL,
generating a unique opaque identity URL for every trust root using a
hash. Combined with the above, users should be able to enter their memorable
identity, but every consumer would get a different opaque identity URL,
making it impossible to correlate data across sites.

Does this sound like a sane idea?

-- 
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
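
The per-trust-root identifier idea in the message above, as an added example that is not part of the original post: it derives the opaque key from an immutable internal user id and the trust root. It uses a keyed HMAC-SHA256 rather than the plain hash the post mentions, so that a consumer cannot compute another site's identifier for the same user. The secret, the helper names, the user id and the consumer hosts are all assumptions made up for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlsplit

# Assumptions (not from the post): secret, helper names, consumer hosts.
SERVER_SECRET = b"constructed-demo-secret"  # keep real secrets out of source
BASE_URL = "https://openid.example.com/"


def normalize_trust_root(trust_root):
    """Canonicalise so case or a missing trailing slash cannot split one
    consumer into two identities."""
    parts = urlsplit(trust_root.strip())
    return f"{parts.scheme}://{parts.netloc.lower()}{parts.path or '/'}"


def opaque_key(user_id, trust_root):
    """Derive the opaque key from the immutable user id, never the nickname."""
    # NUL separator keeps (user_id, trust_root) pairs unambiguous.
    msg = f"{user_id}\x00{normalize_trust_root(trust_root)}".encode()
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).digest()
    # 20 bytes -> exactly 32 base32 characters, no padding.
    return base64.b32encode(digest[:20]).decode().lower()


def identity_url(user_id, trust_root):
    return BASE_URL + opaque_key(user_id, trust_root)


def identity_for_nickname(directory, nickname, trust_root):
    """Map the memorable nickname to the identity URL a consumer would see."""
    return identity_url(directory[nickname], trust_root)


if __name__ == "__main__":
    directory = {"stub": 1042}  # constructed sample: nickname -> user id
    for root in ("https://consumer-a.example/", "https://consumer-b.example/"):
        print(root, identity_for_nickname(directory, "stub", root))
    directory["stuart"] = directory.pop("stub")  # nickname change
    print(identity_for_nickname(directory, "stuart", "https://consumer-a.example/"))
```

Because every identifier depends on the secret, rotating it changes every user's identity URL at every consumer, so the secret has to be treated as long-lived key material.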
