[OpenID] Correlating Identifiers (was: OpenID based on email addresses... Just Works!)
Nate Klingenstein
ndk at internet2.edu
Mon Nov 3 11:56:50 UTC 2008
That's interesting, Ben, and I'd like to hear your comments once you
guys use it a bit and get some feedback from applications as well.
We've used this form of pseudonym for five years now, originally
calling it eduPersonTargetedID. We've had a lot of success with it
once explaining to the application how it works. The interested RP's
are those that want to maintain a set of preferences or customization
for a unique user, or sites that want to guarantee that each user can
only do something once. They're both forms of account linking.
Nobody uses it as a primary identifier for display or "people
picking", selecting an individual from a list.
It doesn't work for many applications, and it takes some discussion
or analysis of each to understand what it's best to send to each.
Yahoo can send different identifiers as well with their
implementation, but it depends on user knowledge and expertise, not
side admin configuration, which will probably make it a lot harder in
practice. Your release of email address as an attribute may help
here if RP's can train themselves to use that.
Take care,
Nate.
>> Separately, persistent opaque identifiers are a really good thing,
>> especially when unique to a particular RP/SP. When Yahoo first
>> made the
>> decision to use them as the default in their implementation, I was
>> worried
>> that most of their applications, users, and developers would be
>> baffled, and
>> didn't know why they weren't targeted. I wonder if Allen has any
>> new words
>> of wisdom to share now that he has experience with them in practice.
>
> I should point out that Google also use them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081103/55d890b3/attachment-0002.htm>
More information about the general
mailing list