Martin Atkins (mart) wrote in apparentlymart,
Martin Atkins

OpenID Providers should allow users multiple identifiers

A murmur of discontent is emerging about the fact that OpenID identifiers could be used to link users' accounts between sites. Obviously many people don't want their personas in certain contexts linked to their personas in other contexts. For example, I keep distinct my persona as an employee of my employer and my persona as an open source contributor.

This situation is already catered for by OpenID, however. There is absolutely no reason why there has to be a one-to-one mapping between identifiers and people. I've already lost count of the amount of identifiers I have at my disposal already. It wouldn't be hard for my employer to give OpenID identifiers to every employee for use at work.

It can't be argued, though, that managing multiple identifiers isn't a pain right now. Most OpenID Providers will only allow you a single identifier per user account, and will only let you be logged in to one account at a time. If I want to be both and I must go through the tedium of repeatedly logging in and out of MyOpenID each time I wish to switch personas. However, this problem is easily remedied: (and all other providers!) should let me add aliases to my account. These would be completely distinct identifiers, but they would be attached to my single user account. I can then decide on a site-by-site basis which identifier to present and MyOpenID will authorize whichever one I choose.

Once OpenID 2.0 is deployed pervasively the new “directed identity” feature has the potential to make this even smoother by letting you enter your provider's own identifier into the OpenID login box rather than choosing one of your own. This allows your provider to remember for you which identifiers you used with which sites, and potentially to instantly generate a one-shot identifier intended only for one specific site that is still connected to your single user account at your provider.

Using OpenID puts the decision in the user's hands as to whether to link personas across sites. I consider the cross-site applicability of OpenID identifiers to be a feature, not a bug.

Tags: openid, privacy

  • HTML 5 vs. Yadis

    One of the ways that the Yadis specification allows for the XRDS document location to be declared is via the X-XRDS-Location header embedded via a…

  • Version Targetting for IE8 and beyond

    On A List Apart today is an article on how IE8 will selectively enable its new rendering engine. The executive summary is that pages will now be…

  • Apple asserts patents over “canvas” element

    According to a message apparently sent from Apple's patent department, Apple is asserting patents over the “canvas” HTML element. This element was…

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.