Martin Atkins (mart) wrote in apparentlymart,

Canonical Identifiers and Synonyms

Despite it being a best practice, only a handful of OpenID Consumer sites currently support associating multiple OpenID identifiers with a single “account”. This matters because it creates redundancy, making the loss of an identifier less catastrophic. Ideally, all consumer sites would:

  • Allow users, after successfully signing in with one OpenID identifier, to verify additional identifiers to be attached to the same account. For most purposes, this just involves storing your identifier associations in a separate table keyed on the primary key of your user table.
  • Provide a “recover account” ability in a similar vein to the “forgot password” procedure in traditional website authentication. This would be done by having on file the user's email address and sending them a reset URL just as sites currently do for passwords, but then allowing the user to verify a new OpenID identifier rather than specifying a password.
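
As an added example (not code from the original post), here is a sketch of both list items on SQLite: a separate identifier table keyed to the user table, and an emailed single-use recovery token that lets the user attach a newly verified identifier. The schema and all function names are assumptions, and `identifier` is assumed to be the normalized identifier returned by a successful OpenID verification.

```python
import hashlib, secrets, sqlite3, time

SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE);
-- One row per verified identifier; PRIMARY KEY keeps it on a single account.
CREATE TABLE user_openids (identifier TEXT PRIMARY KEY, user_id INTEGER NOT NULL REFERENCES users(id));
CREATE TABLE recovery_tokens (token_hash TEXT PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id), expires_at REAL NOT NULL);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def create_user(db, email, identifier):
    uid = db.execute("INSERT INTO users (email) VALUES (?)", (email,)).lastrowid
    attach(db, uid, identifier)
    return uid

def lookup(db, identifier):
    row = db.execute("SELECT user_id FROM user_openids WHERE identifier = ?", (identifier,)).fetchone()
    return row[0] if row else None  # any attached identifier signs in to the same account

def attach(db, user_id, identifier):
    # Call only after OpenID verification of `identifier` has succeeded.
    try:
        db.execute("INSERT INTO user_openids VALUES (?, ?)", (identifier, user_id))
        return True
    except sqlite3.IntegrityError:
        return False  # identifier is already attached to an account

def start_recovery(db, email, ttl=900, now=None):
    row = db.execute("SELECT id FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return None  # caller should show the same response either way
    token = secrets.token_urlsafe(32)  # goes into the emailed reset URL
    digest = hashlib.sha256(token.encode()).hexdigest()  # store only the hash
    expires = (time.time() if now is None else now) + ttl
    db.execute("INSERT INTO recovery_tokens VALUES (?, ?, ?)", (digest, row[0], expires))
    return token

def finish_recovery(db, token, identifier, now=None):
    digest = hashlib.sha256(token.encode()).hexdigest()
    row = db.execute("SELECT user_id, expires_at FROM recovery_tokens WHERE token_hash = ?", (digest,)).fetchone()
    db.execute("DELETE FROM recovery_tokens WHERE token_hash = ?", (digest,))  # single use
    if row is None or row[1] < (time.time() if now is None else now):
        return False
    return attach(db, row[0], identifier)
```
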

But implementing the above is a chore. You have to develop new UI and new backend code. I doubt we can do much about the new backend code, but it'd be nice if we could somehow define a standard mechanism for doing the first of these in an automated way, so that sites can automatically discover my redundant synonyms. I'm not sure what the solution to the latter is just yet, but I think the former is do-able and well worth the effort.

Tags: openid, xri
