Technically, that looks like a good idea. <div><br></div><div>Now, IMHO, privacy advocates have much to say on this: correlations. </div><div>So, we should tread carefully in this area, though. </div><div><br></div><div>=nat</div>
<div><br><div class="gmail_quote">On Sun, Nov 2, 2008 at 10:48 AM, Andrew Arnott <span dir="ltr"><<a href="mailto:andrewarnott@gmail.com">andrewarnott@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Why not use the AX extension to supply the extra identifiers? AX supports multiple values for a single parameter type URI, so we could have something like <a href="http://axschema.org/identifier/openid" target="_blank">http://axschema.org/identifier/openid</a> and the OP could send down all the other Identifiers the user controls. <div>
<br></div><div>Take the following scenario:</div><div><ol><li>I visit <a href="http://myopenid.com" target="_blank">myopenid.com</a>, and configure it to know about my five OpenID identifiers. This turns out to be a piece of cake because I just point <a href="http://myopenid.com" target="_blank">myopenid.com</a> at my XRDS document and all the identifiers are listed there and imported.<br>
</li><li>I then visit magnolia and log in. With the auth request, magnolia sends my provider an AX fetch request for <a href="http://axschema.org/identifier/openid" target="_blank">http://axschema.org/identifier/openid</a>. Myopenid.com provides the assertion and my five other identifiers as multiple values in the AX fetch response. </li>
<li>Magnolia scans this list and notices that it doesn't have four of those five identifiers associated with my account yet. It confirms that I want to add these to my account and adds them.</li></ol><div>This allows me to just tell my Provider about my many identifiers, and all RPs I log into can (optionally with my permission of course at the OP) automatically download all my other identifiers and configure my account accordingly. Obviously there will be times when the user <span style="font-style:italic">won't</span> want an RP to know about all the other identifiers (if for example the user wants to preserve anonymity) but the automation will be in place for when I do.</div>
<div><br></div><div>There will be no need to make the user jump through hoops to prove he controls these identifiers until he tries to actually log in with one. </div></div><div><div></div><div class="Wj3C7c"><div><div>
<br><div class="gmail_quote">On Sat, Nov 1, 2008 at 6:29 PM, Martin Atkins <span dir="ltr"><<a href="mailto:mart@degeneration.co.uk" target="_blank">mart@degeneration.co.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Chris Messina wrote:<br>
><br>
> It seems to me like this is just a matter of popularizing the idea of<br>
> multiple identifier associations per account, just as you do when you<br>
> associate multiple email addresses with an account (say, on Plaxo,<br>
> Dopplr and elsewhere).<br>
><br>
> Ma.gnolia currently provides you the ability to associate multiple<br>
> identifiers with your account, allowing you to use any of them to sign<br>
> in.<br>
><br>
> Since we're moving to a model of remote authentication, we really do<br>
> need to make sure that, apart from using XRDS to point to multiple OPs<br>
> in the case that one goes down, associating more than one identifier<br>
> per RP is also something that could or will be of value (especially if<br>
> you initially sign up to a service with a "throw-away" OpenID for<br>
> testing).<br>
><br>
<br>
</div>Manually associating multiple identifiers with your account at your RP<br>
is the workaround, not the fix.<br>
<br>
If we want to say with a straight face that we support migrating between<br>
identifiers, it needs to be *much* more automatic than this. Being able<br>
to migrate between identifiers needs to be the default.<br>
<br>
With the tech we've got right now I think the best we can accomplish is<br>
using a service like the Google Social Graph API to discover other<br>
identifiers that a user has and prompt them to associate those with<br>
their account as well. (We can't do this automatically, because the data<br>
returned by SGAPI is not necessarily trustworthy.)<br>
<br>
The main issue with that approach is overcoming the "stalkery" nature of<br>
this by explaining to users where this list came from. I think most<br>
users today would be pretty freaked out if they put in their LiveJournal<br>
identifier and it prompted them to add their MySpace account.<br>
<div><div></div><div><br>
<br>
_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net" target="_blank">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
</div></div></blockquote></div><br></div></div>
</div></div><br>_______________________________________________<br>
general mailing list<br>
<a href="mailto:general@openid.net">general@openid.net</a><br>
<a href="http://openid.net/mailman/listinfo/general" target="_blank">http://openid.net/mailman/listinfo/general</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Nat Sakimura (=nat)<br><a href="http://www.sakimura.org/en/">http://www.sakimura.org/en/</a><br>
</div>