Dealing with renames

Kurt Raschke kurt at
Mon May 30 05:34:51 PDT 2005

On May 29, 2005, at 7:27 AM, Karl Koscher wrote:

> It occured to me that OpenID doesn't deal well with accounts that are 
> renamed. As far as the consumer is concerned, different usernames/URLs 
> belong to different users. However, often this isn't the case. For 
> example, LiveJournal allows users to rename their accounts.

As I see it, this problem can be solved fairly easily on the 
consumer-side.  First off, I would say that there are two basic types 
of OpenID consumers--those that use OpenID for authentication to some 
type of persistent account or session (like LiveJournal, for example), 
and those that don't have any kind of persistency (like an 
OpenID-enabled guestbook or weblog comment form).  Given that there can 
be a one-to-many mapping between people and OpenID personas (or login 
URLs), I would argue that OpenID consumers should support a many-to-one 
mapping between OpenID login URLs and internal accounts.

In other words, I could log in to an OpenID-enabled site using one URL, 
then at a later date indicate to the site that some other URL should 
also access the account generated when I first logged in with the first 
URL.  I could then de-authorize the first URL, or leave it enabled.

For non-persistent applications, though, I think that the issue of 
dealing with renames is a moot point.  If you post a comment in a 
weblog and give your URL, and then that URL changes three months later, 
it's a dead link, regardless of whether or not OpenID is involved.  I'd 
say that that should be handled with HTTP redirects, not changes to the 
authentication layer.


More information about the yadis mailing list