This blog can't be viewed on LiveJournal. Instead see

Canonical Identifiers and Synonyms

28th Feb 2007

Despite it being a best practice, currently only a handful of OpenID Consumer sites support the association of multiple OpenID identifiers to a single “account”. This is important to create redundancy to make the loss of an identifier less catastrophic. Ideally, all consumer sites would:

  • Allow users, after successful signing in with one OpenID identifier, to verify additional identifiers to be attached to the same account. For most purposes, this just involves storing your identifier associations in a separate table keyed on the primary key of your user table.
  • Provide a “recover account” ability in similar vein to the “forgot password” procedure in traditional website authentication. This would be done by having on file the user's email address and sending them a reset URL just as sites currently do for passwords, but then allowing the user to verify a new OpenID identifier rather than specifying a password.

But implementing the above is a chore. You have to develop new UI and new backend code. I doubt we can do much about the new backend code, but it'd be nice if we could somehow define a standard mechanism for doing the first of these in an automated way, so that sites can automatically discover my redundant synonyms. I'm not sure what the solution to the latter is just yet, but I think the former is do-able and well worth the effort.


  • Maybe something like this?

    By Dmitry Shechtman at 11:00 pm on 28th Feb 2007
  • iamdentity OpenID Server

    The iamdentity OpenID server supports account delegation. You are able to link multiple OpenID URLs to your iamdentity profile.
    By ext_33654 at 08:12 am on 1st Mar 2007
  • Great Ideas

    I think both of these ideas are quite important if OpenID is going to be seriously adopted.
    By ext_36196 at 10:36 am on 8th Mar 2007
  • Own domain name as an OpenId Identifier

    This problem is solved with a service such as that lets you use your own domain name as an OpenId Identifier.
    By ext_70243 at 10:42 am on 15th Nov 2007