[OpenID] FB Connect, OpenID and UX
Dan Lyke
danlyke at flutterby.com
Tue Dec 16 18:27:21 UTC 2008

On Tue, 16 Dec 2008 08:41:14 -0800
Johannes Ernst <jernst+openid.net at netmesh.us> wrote:
> I'm thinking that some kind of chained identity might help ...
> where, say, assistant uses OpenID example.com/alice and executive
> uses example.com/bob, both of which can be used to authenticate into
> the account example.com/executive. That latter OpenID would then be
> used by either to log into the travel site.

I haven't been doing much web stuff nowadays (I'm off in devices), but
the direction I'm going for the stuff I do do is that I allow multiple
authentication methods for a given identity. Since I'm going to allow a
username/password combo, and probably an email "forgot your password"
mechanism, and an OpenID authentication, the idea of putting those in
an additional table that all reference the identity (rather than
individual fields in the identity record) makes perfect sense.

And then adding permissions for each authentication mechanism, i.e.: this
OpenID URL is allowed to send and receive mail, but not to add or
delete authentication mechanisms (i.e.: the secretary can't remove the
boss's OpenID, but vice versa can occur) seems totally reasonable.

Facebook seems to be doing similar things with their API; yesterday I
installed a PHP script to let me update my status, and I had to go
through a process which let me generate a key for that application
alone, that had restrictions on what that application could do.

Dan
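
An added example, not part of the original post or of any project's code: one way to model the design described above, with authentication methods in their own table referencing the identity and permission flags stored per method. The table names, column names, and permission flags are assumptions; the OpenID identifiers are the ones from the quoted scenario and the rows are constructed sample data.

```python
import sqlite3

# Hypothetical schema: credentials live in their own table, not on the identity row.
SCHEMA = """
CREATE TABLE identity (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE auth_method (
    id INTEGER PRIMARY KEY,
    identity_id INTEGER NOT NULL REFERENCES identity(id),
    kind TEXT NOT NULL,          -- 'password', 'email_reset' or 'openid'
    identifier TEXT NOT NULL,    -- username, mail address or OpenID URL
    can_mail INTEGER NOT NULL DEFAULT 0,
    can_manage_auth INTEGER NOT NULL DEFAULT 0,
    UNIQUE (kind, identifier)
);
"""

def setup():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO identity VALUES (1, 'example.com/executive')")
    db.executemany(
        "INSERT INTO auth_method (identity_id, kind, identifier, can_mail,"
        " can_manage_auth) VALUES (1, 'openid', ?, ?, ?)",
        [("example.com/bob", 1, 1),      # the boss: mail and credential management
         ("example.com/alice", 1, 0)])   # the secretary: mail only
    return db

def login(db, kind, identifier):
    """Map an already-verified credential to (method_id, identity_id), or None."""
    return db.execute(
        "SELECT id, identity_id FROM auth_method WHERE kind=? AND identifier=?",
        (kind, identifier)).fetchone()

def allowed(db, method_id, permission):
    """Check a flag on the credential that opened the session, not on the identity."""
    if permission not in ("can_mail", "can_manage_auth"):  # allowlist: name is interpolated
        raise ValueError(permission)
    row = db.execute(f"SELECT {permission} FROM auth_method WHERE id=?", (method_id,)).fetchone()
    return bool(row and row[0])

def remove_auth_method(db, acting_id, target_id):
    """Delete target only if the acting credential may manage credentials of the same identity."""
    if not allowed(db, acting_id, "can_manage_auth"):
        return False
    owner = db.execute("SELECT identity_id FROM auth_method WHERE id=?", (acting_id,)).fetchone()[0]
    cur = db.execute("DELETE FROM auth_method WHERE id=? AND identity_id=?", (target_id, owner))
    return cur.rowcount == 1
```

The session has to remember which `auth_method` row authenticated it, since the permission check runs against that row rather than against the shared identity.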