[OpenID] OpenID based on email addresses... Just Works!
Nat Sakimura
sakimura at gmail.com
Sun Nov 2 15:08:43 UTC 2008
Technically, that looks like a good idea.
Now, IMHO, privacy advocates have much to say on this: correlations.
So, we should tread carefully in this area, though.
=nat
On Sun, Nov 2, 2008 at 10:48 AM, Andrew Arnott <andrewarnott at gmail.com> wrote:
> Why not use the AX extension to supply the extra identifiers? AX supports
> multiple values for a single parameter type URI, so we could have something
> like http://axschema.org/identifier/openid and the OP could send down all
> the other Identifiers the user controls.
> Take the following scenario:
>
> 1. I visit myopenid.com, and configure it to know about my five OpenID
> identifiers. This turns out to be a piece of cake because I just point
> myopenid.com at my XRDS document and all the identifiers are listed
> there and imported.
> 2. I then visit magnolia and log in. With the auth request, magnolia
> sends my provider an AX fetch request for
> http://axschema.org/identifier/openid. Myopenid.com provides the
> assertion and my five other identifiers as multiple values in the AX fetch
> response.
> 3. Magnolia scans this list and notices that it doesn't have four of
> those five identifiers associated with my account yet. It confirms that I
> want to add these to my account and adds them.
>
> This allows me to just tell my Provider about my many identifiers, and all
> RPs I log into can (optionally with my permission of course at the OP)
> automatically download all my other identifiers and configure my account
> accordingly. Obviously there will be times when the user won't want an RP
> to know about all the other identifiers (if for example the user wants to
> preserve anonymity) but the automation will be in place for when I do.
>
> There will be no need to make the user jump through hoops to prove he
> controls these identifiers until he tries to actually log in with one.
>
> On Sat, Nov 1, 2008 at 6:29 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
>
>> Chris Messina wrote:
>> >
>> > It seems to me like this is just a matter of popularizing the idea of
>> > multiple identifier associations per account, just as you do when you
>> > associate multiple email addresses with an account (say, on Plaxo,
>> > Dopplr and elsewhere).
>> >
>> > Ma.gnolia currently provides you the ability to associate multiple
>> > identifiers with your account, allowing you to use any of them to sign
>> > in.
>> >
>> > Since we're moving to a model of remote authentication, we really do
>> > need to make sure that, apart from using XRDS to point to multiple OPs
>> > in the case that one goes down, associating more than one identifier
>> > per RP is also something that could or will be of value (especially if
>> > you initially sign up to a service with a "throw-away" OpenID for
>> > testing).
>> >
>>
>> Manually associating multiple identifiers with your account at your RP
>> is the workaround, not the fix.
>>
>> If we want to say with a straight face that we support migrating between
>> identifiers, it needs to be *much* more automatic than this. Being able
>> to migrate between identifiers needs to be the default.
>>
>> With the tech we've got right now I think the best we can accomplish is
>> using a service like the Google Social Graph API to discover other
>> identifiers that a user has and prompt them to associate those with
>> their account as well. (We can't do this automatically, because the data
>> returned by SGAPI is not necessarily trustworthy.)
>>
>> The main issue with that approach is overcoming the "stalkery" nature of
>> this by explaining to users where this list came from. I think most
>> users today would be pretty freaked out if they put in their LiveJournal
>> identifier and it prompted them to add their MySpace account.
>>
--
Nat Sakimura (=nat)
http://www.sakimura.org/en/
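
Step 3 of the scenario quoted above, seen from the RP side, as an added example that is not code from any of the posts: it reads the multi-valued AX 1.0 fetch response, drops any field not listed in `openid.signed`, and returns the identifiers to put in front of the user for confirmation. The type URI is the one floated in the thread, the function names and sample hosts are hypothetical, and the assertion signature is assumed to have been verified already by the RP's OpenID library.

```python
from urllib.parse import parse_qsl, urlencode

AX_NS = "http://openid.net/srv/ax/1.0"
# Assumption: type URI floated in the thread, not a registered AX attribute.
IDENT_TYPE = "http://axschema.org/identifier/openid"

def ax_identifiers(query, max_values=20):
    """Extract identifiers sent under IDENT_TYPE in an AX fetch_response.

    Assumes the assertion signature was already verified; this only checks
    that every AX field it reads is covered by openid.signed.
    """
    p = dict(parse_qsl(query, keep_blank_values=True))
    signed = {"openid." + f for f in p.get("openid.signed", "").split(",")}
    get = lambda k: p.get(k) if k in signed else None  # ignore unsigned fields
    # The OP picks the namespace alias, so resolve it instead of assuming "ax".
    ns = next((k[10:] for k, v in p.items()
               if k.startswith("openid.ns.") and v == AX_NS and k in signed), None)
    if ns is None or get(f"openid.{ns}.mode") != "fetch_response":
        return []
    pre = f"openid.{ns}."
    alias = next((k[len(pre) + 5:] for k in p
                  if k.startswith(pre + "type.") and get(k) == IDENT_TYPE), None)
    # Only the multi-valued form (count.<alias> present) is handled here.
    count = get(f"{pre}count.{alias}") if alias else None
    if not (count and count.isdecimal()):
        return []
    n = min(int(count), max_values)  # cap the OP-controlled count
    vals = (get(f"{pre}value.{alias}.{i}") for i in range(1, n + 1))
    return [v for v in vals if v]

def to_confirm(account_ids, logged_in_as, query):
    """Identifiers to offer the user for confirmation; nothing is auto-added."""
    known = set(account_ids) | {logged_in_as}
    return [i for i in dict.fromkeys(ax_identifiers(query)) if i not in known]

# Constructed sample response (example.* hosts are placeholders).
FIELDS = {
    "ns.ax": AX_NS, "ax.mode": "fetch_response", "ax.type.ids": IDENT_TYPE,
    "ax.count.ids": "3",
    "ax.value.ids.1": "https://alice.example.org/",
    "ax.value.ids.2": "https://blog.example.net/alice",
    "ax.value.ids.3": "https://alice.example.com/",
}
SAMPLE = urlencode({**{"openid." + k: v for k, v in FIELDS.items()},
                    "openid.signed": ",".join(FIELDS)})
```
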