[OpenID] Changing identity provider (OP)

Manger, James James.H.Manger at team.telstra.com
Wed Feb 26 01:28:23 UTC 2014


Hi OpenID community,

Is there any work going on about how users can change their OpenID Connect provider (OP) while keeping access to their accounts at RPs? With or without explicitly engaging every site (RP) the user connects to?

With OpenID 2.0 a user cannot change their identifier (OpenID URI), but they can change the OP it points to. I'm not sure how well that works in practice and at scale, nor how it works with the added privacy of pairwise (per RP) pseudonyms.
With OpenID Connect a user’s stable identifier is an issuer/subject (iss/sub) pair. A user cannot change OP as that will change iss so RPs will no longer recognize the user.

One solution is for a user to visit every RP: within one session login via their old OP and login via their new OP so the RP can link the two iss/sub pairs. This requires RPs to explicitly support such an interaction. Is there work on standardizing how this could work at RPs (perhaps even automatically)? It probably requires almost all RPs to support this approach for it to be viable for users.

--
James Manger
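The RP-side linking step the message describes (log in at the old OP and at the new OP within one session so the RP can tie the two iss/sub pairs to one account), written out as an added example. This is illustrative code, not from the post, the OpenID Connect specifications or any real RP; the issuer URLs, client id, session ids, claim values and the `MAX_LINK_AGE` freshness window are all assumptions, and ID-token verification is reduced to claim checks on already-parsed tokens (a real RP also verifies the JWS signature, nonce and at_hash).

```python
"""Account linking at an OpenID Connect Relying Party when a user changes OP.

Hypothetical illustration (not the OIDC spec's or any project's code): the RP
keys accounts on the (iss, sub) pair and links a second pair to an existing
account only inside one session whose earlier login is still fresh.
"""
from dataclasses import dataclass, field
import itertools

# Constructed RP configuration (assumed values).
CLIENT_ID = "rp-example"
TRUSTED_ISSUERS = {"https://old-op.example", "https://new-op.example"}
MAX_LINK_AGE = 300  # seconds: the earlier login in the session must be this fresh


@dataclass
class Account:
    account_id: int
    identities: set = field(default_factory=set)  # set of (iss, sub) pairs


class RelyingParty:
    def __init__(self):
        self._ids = itertools.count(1)
        self.accounts = {}   # account_id -> Account
        self.index = {}      # (iss, sub) -> account_id
        self.sessions = {}   # session_id -> {"account": account_id, "auth_time": t}

    def _verify(self, claims, now):
        """Minimal checks on a parsed ID token; signature/nonce checks omitted here."""
        if claims.get("iss") not in TRUSTED_ISSUERS:
            raise ValueError("untrusted issuer")
        if claims.get("aud") != CLIENT_ID:
            raise ValueError("token not issued for this RP")
        if claims.get("exp", 0) <= now:
            raise ValueError("token expired")
        return (claims["iss"], claims["sub"])

    def login(self, session_id, claims, now):
        """Return (status, account_id) for a login in the given browser session."""
        ident = self._verify(claims, now)
        known = self.index.get(ident)
        session = self.sessions.get(session_id)

        if session is None:
            # Fresh session: resolve the (iss, sub) pair, or create a new account.
            if known is None:
                acct = Account(next(self._ids), {ident})
                self.accounts[acct.account_id] = acct
                self.index[ident] = acct.account_id
                known, status = acct.account_id, "created"
            else:
                status = "ok"
            self.sessions[session_id] = {"account": known, "auth_time": now}
            return status, known

        current = session["account"]
        if known == current:
            session["auth_time"] = now
            return "ok", current
        if known is not None:
            # Both pairs already map to different accounts: refuse rather than merge silently.
            return "conflict", current
        if now - session["auth_time"] > MAX_LINK_AGE:
            # Stale earlier login: require re-authentication before linking.
            return "reauth-required", current
        # Same session, fresh login at the first OP, now a login at the second OP: link.
        self.accounts[current].identities.add(ident)
        self.index[ident] = current
        session["auth_time"] = now
        return "linked", current


def migrate_example():
    """Walk through the OP change from the post; returns the RP's three decisions."""
    rp = RelyingParty()
    old = {"iss": "https://old-op.example", "sub": "a1b2", "aud": CLIENT_ID, "exp": 2000}
    new = {"iss": "https://new-op.example", "sub": "zz99", "aud": CLIENT_ID, "exp": 2000}
    first = rp.login("s1", old, now=1000)   # existing account via the old OP
    second = rp.login("s1", new, now=1100)  # same session: new pair linked
    later = rp.login("s2", new, now=1200)   # new OP alone now resolves the old account
    return [first, second, later]
```

Two points the code makes that the prose only implies: the RP never needs the sub values to agree across OPs (each OP may issue a pairwise sub), because it stores whatever (iss, sub) it was given; and linking is refused when the second pair already belongs to a different account, since merging two accounts on the strength of one login would let anyone who controls an account at either OP absorb the other.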


