tags:

views:

954

answers:

12

I have more than one OpenID as I have tried out numerous. As people take up OpenID different suppliers are going to emerge I may want to switch provinders. As all IDs are me, and all are authenticated against the same email address, shouldn't I be able to log into stack overflow with any of them and be able to hit the same account?

A: 

As long as you associate all of them to the same email address, i would think it would lead you to same account.

But whats your experience?

Prakash
+21  A: 

I think each site that implements OpenID would have to build their software to allow multiple entries for your OpenID credentials. However, just because a site doesn't allow you to create multiple entries doesn't mean you can't swap out OpenID suppliers.

How to turn your blog into an OpenID

STEP 1: Get an OpenID. There a lots of servers and services out there you can use. I use http://www.myopenid.com

STEP 2: Add these two lines to your blog's main template in-between the tags at the top of your template. Most all blog engines support editing your template so this should be an easy and very possible thing to do.

Example:

    <link rel="openid.server" href="http://www.myopenid.com/server" />  
    <link rel="openid.delegate" href=http://YOURUSERNAME.myopenid.com/ />

This will let you use your domain/blog as your OpenID.

Credits to Scott Hanselman and Simon Willison for these simple instructions.

Switch Your Supplier

Now that your OpenID points to your blog, you can update your link rel href's to point to a new supplier and all the places that you've tied your blog's OpenID will use the new supplier.

Otto
that's great ... but how does this work when you have an existing non-delegated openId in use here in Stackoverflow, and want to move?
Anthony
+3  A: 

@prakesh

As long as you associate all of them to the same email address, i would think it would lead you to same account.

But whats your experience?

When I tried it out I got a whole new account with 0 rep and no steenkin badges. So at the moment SO does not allow multiple OpenID's to be associated with the one account

Xetius
+2  A: 

@Prakash

There are now two "Jon Ericson" users. I'm using the same email address for both, but one has a blogspot.com OpenID and the other has a yahoo.com OpenID. It was sort of an accident. I asked a question without logging in and then tried to log in. I'd forgotten which OpenID provider I'd used here so I tried the "wrong" one. It'd be nice if they could be merged at some point.

Jon Ericson
Did the merge happen? I have the same issue now.
Tyronomo
I don't know if they were merged, but the Yahoo one is gone. I think there were only one or two questions under that name. Submitting a suggestion to UserVoice or emailing the Stack Overflow team might help.
Jon Ericson
A: 

Doesn't using multiple open-id providers sort of undermine the point of open id?

Mike Heinz
No, it doesn't. I have over 100 website logins. I'd like to cut that down to a handful of different identities/profiles. You don't have to use just one OpenId, you can choose how many to use.
Anthony
A: 

@Porkchop D. Clown

Half the websites I have accounts with are OpenID providers now. ;-)

I suppose I should pick an OpenID provider for websites like StackOverflow and stick to it, but StackOverflow is the only site I've joined that uses, not provides, OpenID. And I don't really know why my identities can't be merged---I'm the same person on blogspot.com and yahoo.com.

Jon Ericson
+2  A: 

Doesn't using multiple open-id providers sort of undermine the point of open id?

No. Say you are using a Yahoo OpenID, but you decide to move to Google instead. Multiple OpenIDs per account allows you to associate your account with the Google OpenID, then deauthorize the Yahoo OpenID.

John Millikin
A: 

@Prakash

That wouldn't work because then I could create an open ID that has your email address and without your knowledge I would be able to use your account

TonyB
A: 

@TonyB, email address and OpenID are completely unrelated. OpenID is used on SO for account authentication. Email address is used only for fetching the gravatar. You can change your email address on Stack Overflow (or remove it) with no affect on your OpenID.

Derek Park
+5  A: 

In addition to the meta tag sample by Otto, you should be aware whether your provider supports OpenID 2.0 (there are numerous improvements). If it does use meta tags as the following:

<link rel="openid2.provider" href="http://www.loginbuzz.com/provider.axd" />
<link rel="openid2.local_id" href="http://example.loginbuzz.com/" />
<link rel="openid.server" href="http://www.loginbuzz.com/provider.axd" />
<link rel="openid.delegate" href="http://example.loginbuzz.com/" />

A good idea would also be to use secure links, but this could limit some relying parties from signing in. This could however be solved by providing a XRDS document.

The really neat thing about XRDS is that you are able to specify multiple providers in this document. Say you have a bunch of different accounts all with different providers supporting different extensions. The relying party are then able to select the best match by itself. In the XRDS document you could also specify multiple URLs for each service, so that https is used when appropriate.

I would also recommend buying an i-name as it by design is more secure (the canonical ID - the i-number - associated with an i-name belongs to you even if the i-name expires).

troethom
A: 

The key here is to not change identities, ever. Change providers, but not identities. (this is like real life)

So new users to OpenID should first consider what their identity could be.

Users that already have some kind of website they own should choose this URL and users without a website have these options:

  • Get something like a blog to get a URL
  • Buy an i-name (or a domain name)
  • or use an identity provider supplied URL

In the case of the identity provider supplied URL, users need to be aware that if in the future they choose to delegate or change identities in some way that its essentially a new identity and that multiple identity support with RPs (and OPs) is limited (required usually to re-associate a local account on an RP site to a different OpenID identity).

A: 

Just testing my new OpenId ...and guess what, it works just as advertised.

cathat