[OpenID] linking an openid to an existing account

Shane B Weeden sweeden at au1.ibm.com
Mon Jul 21 01:58:20 UTC 2008


Agree for OpenID 2.0.

What about OpenID 1.1 backwards-compatibility, which doesn't have the 
claimed_id concept?






Dan Ragle <dragle at jupitermedia.com>
Sent by: general-bounces at openid.net
19/07/2008 12:01 AM

To: general at openid.net
cc:
Subject: Re: [OpenID] linking an openid to an existing account






P.S. - per section 11.5 of the OpenID specs:

    "The Claimed Identifier in a successful
     authentication response SHOULD be used
     by the Relying Party as a key for local
     storage of information about the user.
     The Claimed Identifier MAY be used as a
     user-visible Identifier. When displaying
     URL Identifiers, the fragment MAY be
     omitted."

Cheers!

Dan

> I have a question about best-practices. 
> 
> Consider a website with an existing user base. You want to provide the
> users an alternate means of authentication with an OpenID (e.g. replacing
> existing password-based authentication), so you show them a page (after
> they've authenticated) which says "Link an OpenID to your account".
>
> The user authenticates with an OpenID, and the site associates <something>
> with the user's existing account so that in the future OpenID
> authentication can happen as the primary login and the same <something>
> can be used to figure out which user account to login as.
> 
> My question is what is the best thing to use as <something>. There are 
> options, most with certain limitations, and I wanted to see if the 
> community has a general pattern or recommendation.
> 
> For example, the <something> could be (non-exhaustive):
> 
> 1. The "as-typed-in-by-the-user" user-supplied identifier. This has
> limitations that a user can have multiple user-supplied identifiers that
> normalize to the same id, and they can confuse themselves (e.g.
> shane.myopenid.com = http://shane.myopenid.com). This doesn't work well
> with OP identifiers.
> 
> 2. The claimed identifier after discovery. This doesn't play well with 
> delegation if a user switches OP's but keeps their user-supplied 
> identifier.
> 
> 3. Some other combination?
> 
> Your thoughts appreciated.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
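
An added illustration of the storage choice discussed in this thread (not code from any poster or from an OpenID library): several typed forms collapse to one identifier, the account link is keyed on the full claimed identifier, and the fragment is dropped for display only. The account ids, the fragment value and the `LinkStore` class are constructed for the example, and the normalization is a simplified stand-in for the spec's normalization and discovery steps.

```python
from urllib.parse import urlsplit, urlunsplit

def normalize_user_input(typed):
    """Simplified URL-identifier normalization: add a missing scheme,
    lowercase scheme and host, use "/" for an empty path, drop the fragment.
    XRIs and redirect-following discovery are out of scope here."""
    typed = typed.strip()
    if "://" not in typed:
        typed = "http://" + typed
    parts = urlsplit(typed)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("not an http(s) URL identifier")
    return urlunsplit((parts.scheme, parts.netloc.lower(),
                       parts.path or "/", parts.query, ""))

def display_form(claimed_id):
    """User-visible form: the fragment may be omitted when displaying."""
    return urlsplit(claimed_id)._replace(fragment="").geturl()

class LinkStore:
    """Hypothetical storage layer: claimed identifier -> local account id."""
    def __init__(self):
        self._by_claimed_id = {}

    def link(self, account_id, claimed_id):
        # Exact-match key; refuse to re-point an identifier at a second account.
        owner = self._by_claimed_id.setdefault(claimed_id, account_id)
        if owner != account_id:
            raise PermissionError("identifier already linked to another account")

    def account_for(self, claimed_id):
        return self._by_claimed_id.get(claimed_id)

def demo():
    store = LinkStore()
    # Constructed value standing in for the claimed identifier taken from a
    # verified positive assertion (never from what the user typed).
    claimed = "http://shane.myopenid.com/#a1b2"
    store.link("acct-1001", claimed)
    typed = ["shane.myopenid.com", "http://shane.myopenid.com",
             "HTTP://Shane.MyOpenID.com/"]
    normalized = {normalize_user_input(t) for t in typed}
    # The display form is not a lookup key: the last result is None.
    return (normalized, store.account_for(claimed),
            store.account_for(display_form(claimed)))

if __name__ == "__main__":
    print(demo())
```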