<br><font size=2 face="sans-serif">I have a question about best practices.
</font>
<br>
<br><font size=2 face="sans-serif">Consider a website with an existing
user base. You want to provide the users an alternate means of authentication
with an OpenID (e.g. replacing existing password-based authentication),
so you show them a page (after they've authenticated) which says "Link
an OpenID to your account". </font>
<br>
<br><font size=2 face="sans-serif">The user authenticates with an OpenID,
and the site associates &lt;something&gt; with the user's existing account
so that in the future OpenID authentication can happen as the primary login
and the same &lt;something&gt; can be used to figure out which user account
to log in as.</font>
<br>
<br><font size=2 face="sans-serif">My question is what is the best thing
to use as &lt;something&gt;. There are options, most with certain limitations,
and I wanted to see if the community has a general pattern or recommendation.</font>
<br>
<br><font size=2 face="sans-serif">For example, the &lt;something&gt; could
be (non-exhaustive):</font>
<br>
<br><font size=2 face="sans-serif">1. The "as-typed-in-by-the-user"
user-supplied identifier. This has limitations that a user can have multiple
user-supplied identifiers that normalize to the same id, and they can confuse
themselves (e.g. shane.myopenid.com = http://shane.myopenid.com). This
doesn't work well with OP identifiers.</font>
<br>
<br><font size=2 face="sans-serif">2. The claimed identifier after discovery.
This doesn't play well with delegation if a user switches OPs but keeps
their user-supplied identifier.</font>
<br>
<br><font size=2 face="sans-serif">3. Some other combination?</font>
<br>
<br><font size=2 face="sans-serif">Your thoughts appreciated.</font>
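<br>
Added example, not part of the original message: a sketch of the limitation in option 1, showing how several as-typed inputs become separate account-link keys unless the input normalization from OpenID Authentication 2.0 section 7.2 is applied first. The function names, the account id and the sample inputs are constructed for illustration, and the sketch covers input normalization only, not discovery or the redirects that produce the final claimed identifier.

```python
from urllib.parse import urlsplit, urlunsplit

# Leading characters that mark an XRI rather than a URL (OpenID 2.0, 7.2).
XRI_PREFIXES = ("=", "@", "+", "$", "!", "(")
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_identifier(user_input: str) -> str:
    """Normalize a user-supplied identifier (input step only, no discovery)."""
    ident = user_input.strip()
    if ident.lower().startswith("xri://"):
        ident = ident[len("xri://"):]
    if ident and ident[0] in XRI_PREFIXES:
        return ident  # XRIs are kept as written
    if not ident.lower().startswith(("http://", "https://")):
        ident = "http://" + ident  # a bare host name is treated as an http URL
    parts = urlsplit(ident)
    if not parts.hostname or parts.username is not None:
        raise ValueError(f"not usable as an OpenID URL: {user_input!r}")
    scheme = parts.scheme.lower()
    host = parts.hostname  # urlsplit already lower-cases the host
    port = parts.port
    netloc = host if port in (None, DEFAULT_PORTS[scheme]) else f"{host}:{port}"
    path = parts.path or "/"  # an empty path normalizes to "/"
    return urlunsplit((scheme, netloc, path, parts.query, ""))  # fragment dropped


def build_links(typed_inputs, account_id, key_fn):
    """Return the link table {key: account} a site would store for these inputs."""
    return {key_fn(raw): account_id for raw in typed_inputs}


# Constructed sample: four ways one user might type the same identifier.
TYPED = [
    "shane.myopenid.com",
    "http://shane.myopenid.com",
    "HTTP://Shane.MyOpenID.com/",
    "http://shane.myopenid.com/#me",
]

AS_TYPED = build_links(TYPED, "acct-1001", lambda raw: raw)
NORMALIZED = build_links(TYPED, "acct-1001", normalize_identifier)

if __name__ == "__main__":
    print(len(AS_TYPED), "keys when stored as typed")
    print(len(NORMALIZED), "key when normalized:", list(NORMALIZED))
```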