[OpenID] allowing users to switch to opendid-only: pointless?

Santosh Rajan santrajan at gmail.com
Fri May 29 02:56:33 UTC 2009 

This is a classic case of the problem of integrating OpenID with a site.
Ideally people logging in with OpenID's should not need a site specific
account. You don't want your user saying "I logged in with OpenID why do I
need a username?".
First question you need to answer is how is your system going to indentify a
user. Is it a username or is it an email address?
1) If username then the OpenID or Facebook ID is your username. I would
recommend not to allow associations of other ID's to the same account.
(Things will get complicated). In this case we are clear an account is
either an OpenID/Facebook ID or a local username.
2) If you are using email addresses then your account is associated with an
email address. Every email address is a unique account. In this case you can
associate OpenID with your account only if the OpenID provider provides an
email address with authentication. It will work with Google, MyOpenid, Yahoo
(near future). Will not work with Facebook as they dont provide an email
address. In this case the OpenID should not matter, (in a way the email
address provided is the OpenID).

Trying to do more than what 1) or 2) suggests will lead to complication or
confusion for users.

Nicolas Holzapfel wrote:
> 
> Hello everyone,
> 
> I'm in the processing of designing a big social networking type site and
> was
> just dealing with the account management settings. I'm working with
> someone
> else and we both want to make the site as openid-friendly as possible.
> Users
> will be able to sign up and log in using openid and similar services like
> Facebook Connect, Google Connect etc and associate multiple external
> website
> with the same account (i.e. they can use myOpenID, Facebook Connect and
> their site-specific username/password to log into the same, single
> account).
> 
> In addition, I proposed allowing users who originally signed up with a
> site-specific username/password, then associated their account with (for
> example) a myOpenID account, to delete their original site-specific
> password
> so that they would only be able to log in with myOpenID. To me, this makes
> sense because the user then has one less password to worry about and keep
> track of. However, to my co-designer, only crazy people would want such a
> feature since the user can just stop using their original password if they
> wish.
> 
> I would be very interested in knowing what you lot think about this.
> 
> 
> Nicolas
> 
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
> 
> 


-----

Santosh Rajan
http://santrajan.blogspot.com http://santrajan.blogspot.com 
-- 
View this message in context: http://www.nabble.com/allowing-users-to-switch-to-opendid-only%3A-pointless--tp23769802p23773519.html
Sent from the OpenID - General mailing list archive at Nabble.com.

More information about the general mailing list