21 Jul 03:58
Re: [OpenID] linking an openid to an existing account
From: Shane B Weeden <sweeden <at> au1.ibm.com>
Subject: Re: [OpenID] linking an openid to an existing account
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-21 01:58:20 GMT
Subject: Re: [OpenID] linking an openid to an existing account
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-21 01:58:20 GMT
Agree for OpenID 2.0.
What about OpenID 1.1 backwards-compatibility, which doesn't have the claimed_id concept?
| Dan Ragle <dragle <at> jupitermedia.com>
Sent by: general-bounces <at> openid.net 19/07/2008 12:01 AM |
|
P.S. - per section 11.5 of the OpenID specs:
"The Claimed Identifier in a successful
authentication response SHOULD be used
by the Relying Party as a key for local
storage of information about the user.
The Claimed Identifier MAY be used as a
user-visible Identifier. When displaying
URL Identifiers, the fragment MAY be
omitted."
Cheers!
Dan
> I have a question about best-practices.
>
> Consider a website with an existing user base. You want to provide the
> users an alternate means of authentication with an OpenID (e.g. replacing
> existing password-based authentication), so you show them a page (after
> they've authenticated) which says "Link an OpenID to your account".
>
> The user authenticates with an OpenID, and the site associates <something>
> with the user's existing account so that in the future OpenID
> authentication can happen as the primary login and the same <something>
> can be used to figure out which user account to login as.
>
> My question is what is the best thing to use as <something>. There are
> options, most with certain limitations, and I wanted to see if the
> community has a general pattern or recommendation.
>
> For example, the <something> could be (non-exhaustive):
>
> 1. The "as-typed-in-by-the-user" user-supplied identifier. This has
> limitations that a user can have multiple user-supplied identifiers that
> normalize to the same id, and they can confuse themselves (e.g.
> shane.myopenid.com = http://shane.myopenid.com). This doesn't work well
> with OP identifiers.
>
> 2. The claimed identifier after discovery. This doesn't play well with
> delegation if a user switches OP's but keeps their user-supplied
> identifier.
>
> 3. Some other combination?
>
> Your thoughts appreciated.
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> general mailing list
> general <at> openid.net
> http://openid.net/mailman/listinfo/general
_______________________________________________
general mailing list
general <at> openid.net
http://openid.net/mailman/listinfo/general
_______________________________________________ general mailing list general <at> openid.net http://openid.net/mailman/listinfo/general
RSS Feed