tags:

views:

87

answers:

2
Q: 

OpenID equivalence

Has there been discussion around how to resolve equivalent openids? Meaning, I personally have 8 openid providers and the number is sure to grow. Have you discussed a way to make them equivalent during authentication?

I put together a solution based on the rel="me" link graph. Agree or disagree?

http://blog.paulisageek.com/2009/06/equivalent-openids.html

+4  A: 

How about adding the following to the home page on your domain, and using your domain as your OpenID?

<link rel="openid.server" href="..." />
<link rel="openid.delegate" href="..." />
<link rel="openid2.local_id" href="..." />
<link rel="openid2.provider" href="..." />

Then when you want to change provider, you just update the information here.

Nick  2009-06-28 08:33:13
I don't think most people do this, let alone have a domain. The majority of people I know that use openid use the direct endpoint given by their provider.But yes, for me, that will work; I just want to explore solving it for the unwashed masses. :)
Paul Tarjan  2009-06-28 11:26:31
+1  A: 

An OpenID Identifier merely allows you to prove you own some identifier (typically a URL). If you control many URLs, it only makes sense to activate as many of them as OpenID Identifiers as you want to maintain distinct identities for.

So no, I'd be against this rel="me" approach. Besides the fact that HTML discovery is about to be deprecated in OpenID anyway since it's difficult to make secure and resilient against the many forms of HTML there are.

Andrew Arnott  2009-06-29 14:06:09

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?