tags:

views:

121

answers:

3
+1  Q: 

OpenID question - multiple email accounts

Since I have multiple email accounts, whenever I'm requested to log and I go to my OpenID provider's page, there is every chance I might end up choosing an email which I've not used before.

In fact, when that happens, I can even have the same 'Display name' although the accounts are totally different!

In fact, in Stackoverflow itself, I've made that mistake and have had to make a special request for merging of multiple OpenIDs.

My question is to other Web Application folks - Is this one of the main problems for implementing OpenID? Do you get account merge requests very often? Is there some solution to overcome this problem?

A: 

What about cookies?

EDIT: I mean, send person with 2 or more id's a cookie to automatically log them in on the account they used last time.

SpliFF  2009-05-25 07:56:15
What about them?
biggusjimmus  2009-05-28 19:50:33
A: 

I don't think that's the problem of OpenID at all. Most people don't have multiple emails account that they use equally and even if that was the case, the real problems happen before that: Network effect or network starvation: web sites don't consume because people don't use it, people don't use it because they don't know what it is, how to use it, or what it is for.

There's still a problem to be solved to get wider adoption and that's it that people expect to open an account at your site, not to have an account already or have to go somewhere else for an account. I think there are a couple of ways to solve this, one is to allow creation of custom accounts and also using OpenID, which most web sites do (except Stack Overflow). But still I'm really disappointed that my wife never asked me what's this OpenID thingy is. If she would have seen it anywhere she would have asked me. It's a slow process

J. Pablo Fernández  2009-05-27 11:10:37
+1  A: 

This is a problem, I agree. Sites that accept OpenID can solve this problem in a few ways:

  1. Allow accounts to have multiple OpenIDs linked to them so the user can log in using whatever one they think of and it will log them in correctly.
  2. Request the email address via sreg/ax extensions and during login if the OpenID hasn't been seen before check the email address against existing accounts with that email address and ask the user if they meant to log in with a different OpenID (volunteering to merge them poses a security risk, so the user should still be required to log in with the original identifier).
  3. Allow the user to merge accounts when it happens.
Andrew Arnott  2009-05-28 19:46:43
Trust the rel="me" socialgraph equivalence. http://blog.paulisageek.com/2009/06/equivalent-openids.html
Paul Tarjan  2009-06-28 11:29:57

related questions

how to get login credentials by openId?
OpenID Migration
PHP Tutorial for OpenId and OAuth
OpenID login workflow?
OpenID support for Ruby on Rails application
Using OpenID for both .NET/Windows and PHP/Linux/Apache web sites
What is the benefit of using ONLY OpenID authentication on a site?
Problems with migrating Cardspace cards between computers
secure way to authenticate administrator in ASP.NET site using OpenID with DotNetOpenID
How do I enable open id on a Java Webapp?
What would it take to make OpenID mainstream?
What's the best .NET library for OpenID and ASP.NET MVC?
Useful browser plugins for openid authentication?
How do I implement an OpenID server in Rails?
How do I implement OpenID in my web application?
Why is HTML form redirection used in OpenID 2?
How do you set up an OpenID provider (server) in Ubuntu?
OpenID as a Single Sign On option??
Should my website abandon username/password authentication in favor of OpenID?
OpenID authentication in ASP.NET?
Open ID - What happens when you decide you don't like your existing provider?
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
How do I use more than one OpenID?