Disallow similar identities

Keith Howe nezroy at gmail.com
Fri Apr 21 23:24:48 UTC 2006


On Apr 21, 2006, at 15:25, Daniel E. Renfer wrote:
> I have a question. Would anyone consider it to be a bad thing to only
> allow one form of similar (yet technically different) URLs?
>
> For instance, say our user, Joe, goes to a site and sets up his
> account using the identity "http://example.com/joe". That is the Id
> that is stored in the database. Now, if Joe, or another user, goes
> back to this same site and tries to log in with an Id similar to one
> in the database, they're given a warning and the option to log in with
> the stored URL.

The LifeWiki [http://www.lifewiki.net/] handles this in what I
perceive to be the "correct" manner. It allows the user to associate
multiple OpenID identities with a profile as part of their profile
management. I think this is a much safer way to do this, rather than
attempting to match "close" identities. It's explicitly clear to the
user what identities are associated with their profile, and completely
within their control. Regardless, this seems like something that is
probably beyond the scope of Yadis.

Another problem with attempting to match close identities is that it
makes skimming for existing, valid identities that much easier because
your search space has just been reduced.

- K.Howe
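
The two designs discussed in this thread, side by side, as an added example that is not part of the original message and is not LifeWiki's code: explicit linking with exact-match login, next to a "close match" lookup that shows what it discloses. The class and method names, the `difflib` similarity measure, the 0.8 cutoff and the sample URLs are all assumptions made for illustration.

```python
import difflib


class ProfileStore:
    """Hypothetical relying-party store (names are assumptions, not LifeWiki code)."""

    def __init__(self):
        self._owner = {}     # identity URL -> profile id
        self._profiles = {}  # profile id -> set of identity URLs

    def link_identity(self, profile_id, verified_identity):
        """Attach an identity the profile owner has just authenticated as.

        The caller is assumed to have completed OpenID verification for
        verified_identity while registering or logged in to profile_id.
        """
        owner = self._owner.get(verified_identity)
        if owner is not None and owner != profile_id:
            raise ValueError("identity already belongs to another profile")
        self._owner[verified_identity] = profile_id
        self._profiles.setdefault(profile_id, set()).add(verified_identity)

    def identities(self, profile_id):
        """What the profile page shows: every identity the user linked."""
        return sorted(self._profiles.get(profile_id, ()))

    def login(self, verified_identity):
        """Exact match only; an unlinked near-miss is simply unknown."""
        return self._owner.get(verified_identity)

    def suggest_similar(self, claimed, cutoff=0.8):
        """The 'close match' design from the question, kept to show its leak:
        it hands a stored identity to a caller who has proven nothing."""
        hits = difflib.get_close_matches(claimed, list(self._owner), n=1, cutoff=cutoff)
        return hits[0] if hits else None


def demo():
    store = ProfileStore()
    # Constructed sample identities for the user "Joe".
    store.link_identity("joe", "http://example.com/joe")
    store.link_identity("joe", "http://joe.example.org/")
    return store
```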


More information about the yadis mailing list