Merging OpenID data
I have more than one OpenID. Some of the data is common across the OpenID providers, but some is different. Is there a way to merge the data from multiple OpenID accounts into one master account?
There’s nothing in the OpenID protocol that would really allow this, especially from the data side of things. Unlike, say, credit cards, where you can transfer your balance between different providers, data transfer between different OPs requires a bit more leg work.
What kind of data are you talking about?
Toki Tahmid commented
What kind of data is universal and shared during OpenID authentication? There's obviously names, but what other general data is there? More than a merger the bigger issue is that multiple services can provide disparate identities for a single user, but there is no means to relate them to each other.
Here's an example I faced: I have already been a Google users for many a years, and recently got involved in the Ubuntu (Linux-based OS) community. So off I went to register a Launchpad account to submit some translations. Suddenly there's a problem with a new piece of hardware so I go to Ask Ubuntu (Q&A service by StackExchange) to ask for support there, and to login they provide a stock list of known OpenID providers including Google and Launchpad. So I login with Launchpad seeing as it's associated with Ubuntu and all, and happily do my thing. At a later time I went back to Ask Ubuntu and need to login again. I see Google, I use it to login, but then I can't edit my existing posts. What went wrong? Separate OpenID for same user went wrong.
So basically, we need some sort of cross-talk between OpenID providers to really have an universal ID on the web. If there isn't a protocol to do so, one needs to be created. Such that when I login to Ask Ubuntu using Google, Ask Ubuntu will be informed there's a Launchpad OpenID that's the same person too. There are some services that allow different OpenIDs to be associated with a single user, but that only takes place on the login side, only if they choose to do so. That's not a solution.
As for the master account thing, can we have an interface provided by you to access whatever OpenID refers to me, and see what information they share? OpenID providers aren't terribly open about being an OpenID provider. Heck, I didn't know Google did OpenID until I was faced with the Launchpad versus Google OpenID debacle. They sure don't provide a page detailing what kind of information is shared using OpenID and what can be shared for that matter. A little clarification on that will be more than welcome. If the above ideas I expressed needs to be registered separately, please do inform me and I will promptly do so.
I like its
Toki Tahmid commented
I'm in agreement with this proposal. The widespread and decentralized use of OpenID has resulted in multiple ID from OpenID itself, resulting in the partial recurrence of the problem OpenID was meant to solve - i.e. a single universal signing up solution. If I've a Google account and a Y! account, it results in two web-based identity again. So I'm suggesting a central system to link two OpenID into one unique OpenID that represents my identity from both Google and Yahoo!
a ph3rson commented
I think it means like to ability to have a store of all of the information from your openid's, almost like syncing files from mobile devices into one, all-powerful device. I would use this, as for example, if one openid provider had other information (Steam with gameplay stats) than another, they could all be stored in one place.
I'm not sure I have the answer for how this would be implemented, but I have to add my support to the idea.
The idea is to have a single ID that you use for everything, but the problem is which provider do you go with? Suppose I started by using my Google account, and signed up for multiple services using that OpenID, then later decided to switch to myOpenID because it allows client certificate authentication. Suddenly, I'm back to having two different accounts for logging into services.
It seems to me that this is a barrier to entry for using OpenID. Whichever provider you use at first you're sort of locked into, because you'll have a bunch of accounts under that ID. I imagine a lot of people will be turned away because of this uncertainty (which provider should I choose, if I'm going to be stuck with it?), or will use it for a while, decide they want to switch providers, and get frustrated by the fact they now have multiple accounts again.
I think, to solve this, there needs to be some way to indicate that two OpenIDs refer to the same person, and can be used interchangably. This seems difficult, given how decentralised OpenID is. Maybe allow providers to communicate a list of alternate IDs to the relying party? The relying party then checks to see if they have an account for any of the IDs. If it finds more than one, it asks the user which they want to log in as. If it finds none, it creates a new account using the primary ID.
The provider, obviously, would need to allow their users to specify alternate IDs, and it'd be hard to force that on them, so it wouldn't be implemented universally, but it's a start. Even better, if providers could communicate those /with each other/. So, I add a myOpenID to my Google OpenID as an alternate identity, and Google immediately contacts myOpenID, authenticates, adds itself to my myOpenID as an alternate provider, and then asks for a list of alternate identities. It then repeats the process, recursively adding all of my other OpenIDs.
This still doesn't solve the problem of merging data. But I don't think that can be solved without putting implementation requirements on services and providers, which seems contrary to the OpenID philosophy. But at least it eliminates the main problems of having multiple accounts, or wanting to change your identity provider. And, by making providers aware of all your other identities, they could CHOOSE to merge your data, or at least present the option to do so. (Say, display your other identity and ask if you want to copy any data in from it.)
Its not up to openID,
this would be for the sites themselves to access each other to get things like profile information, or whatever you wanted them to share...
I often wish I didn't have to re-enter profile information
AdminChris Messina (Admin, OpenID) commented
I don't understand how that would work... that would suggest being able to merge multiple URLs... and the only way that would work would be through redirects or forwards, which of course wouldn't work on identities that you don't host or control.
How do you envision this working?
A user should be able to merge multiple OpenID identities, such that the endpoints are mutually aware of the user's identity and can cross-authenticate when queried by an OpenID consumer. As it currently stands users are left with separate identities without a way of unifying them. Having the OpenID consumer store the different OpenID identities to be associated with a user account is inelegant.