Changing the URL/i-name associated with a user

Dan Lyke danlyke at flutterby.com
Thu Oct 26 17:45:04 UTC 2006 

Johannes Ernst asked:
>> - how can I change the URL/i-name that I'm currently using with  
>> this site (currently unsolved)

I thought about this for a long time, and then I realized that what  
everyone was referring to as an Identity wasn't really an Identity. An  
Identity is something that a second party creates (in their own mind,  
if the second party is a human) about a person based on all of the  
information that they know about that person.

ie: I know Johannes based on conversations with him, based on his  
phone number, his email address. But his Identity relative to me isn't  
something he owns, it's something I get to create. He controls many of  
the Identifiers that I associate with that Identity, but not the  
Identity itself. And everyone else's notion of him is going to be  
slightly different.

So the system I'm building has its own notion of an Identity. That's  
the thing that all of the user's contributions to the site get  
affiliated with. But the user can associate Identifiers with that  
Identity, and that's the stuff they get to explicitly control.

OpenID URLs, email addresses, and whatever else I stumble across are  
Identifiers. An Identity on this site can have multiple Identifiers,  
and your user information page allows you to add and delete  
Identifiers (ie: log in to *this* OpenID URL as well, delete that one  
 from my profile) associated with your Identity on this site.

So changing the Identifiers you want to use with the site is a matter  
of logging in with one of the Identifiers the site already knows about  
(email me a magic cookie, login with my OpenID URL, whatever), and  
adding another Identifier, and then optionally deleting the old  
Identifier.

This doesn't give you a wholesale "change every site I've ever logged  
in to with my old OpenID URL to my new one" option, and maybe we  
should ask Relying Parties to support an API that allows an Identity  
Provider to do that (and if you thought the "talking past each other"  
on OpenID security was bad now, try making *that* proposal), but it  
does let you manage OpenID changes.

Dan

More information about the user-experience mailing list