Changing the URL/i-name associated with a user
Josh Hoyt
josh at janrain.com
Thu Oct 26 17:58:29 UTC 2006
On 10/26/06, Dan Lyke <danlyke at flutterby.com> wrote:
> So changing the Identifiers you want to use with the site is a matter
> of logging in with one of the Identifiers the site already knows about
> (email me a magic cookie, login with my OpenID URL, whatever), and
> adding another Identifier, and then optionally deleting the old
> Identifier.
This case is especially important if you know that you're going to
lose control of an identifier. Unless you are using XRI with its
canonical identifiers, it's critical for relying parties to support
adding and removing identifiers from a site.
A simple extension could be used that specifies to the RP in an
authentication response that this identifier should take the place of
another when you log in:
(logging in with new.identifier)
# The subject of this request is a synonym for http://old.identifier/
openid.synonym.identifier=http://old.identifier/
# Once you have established that the user controls this identifier,
# you should replace references to http://old.identifer/ with the
subject of this request
openid.synonym.type=replace
openid.identity=http://new.identifier/
Then the RP will have to authenticate with http://old.identifier/ to
know that it's really the same user and then prompt the user to make
sure he wants to do it. This could make upgrading identifiers happen
automagically on login.
This is off the top of my head, so there could be major problems with
it, but this particular issue is one that keeps haunting me.
Josh
(
http://j3h.us/
http://mylid.net/j3h.
http://josh.myopenid.com/
http://j3h.janrain.com/
http://j3h.myopenid.com/
and so on...
)
More information about the user-experience
mailing list