Merging OpenID data
I have more than one OpenID. Some of the data is common across the OpenID providers, but some is different. Is there a way to merge the data from multiple OpenID accounts into one master account?
There’s nothing in the OpenID protocol that would really allow this, especially from the data side of things. Unlike, say, credit cards, where you can transfer your balance between different providers, data transfer between different OPs requires a bit more leg work.
What kind of data are you talking about?
a ph3rson commented
I think it means like to ability to have a store of all of the information from your openid's, almost like syncing files from mobile devices into one, all-powerful device. I would use this, as for example, if one openid provider had other information (Steam with gameplay stats) than another, they could all be stored in one place.
I'm not sure I have the answer for how this would be implemented, but I have to add my support to the idea.
The idea is to have a single ID that you use for everything, but the problem is which provider do you go with? Suppose I started by using my Google account, and signed up for multiple services using that OpenID, then later decided to switch to myOpenID because it allows client certificate authentication. Suddenly, I'm back to having two different accounts for logging into services.
It seems to me that this is a barrier to entry for using OpenID. Whichever provider you use at first you're sort of locked into, because you'll have a bunch of accounts under that ID. I imagine a lot of people will be turned away because of this uncertainty (which provider should I choose, if I'm going to be stuck with it?), or will use it for a while, decide they want to switch providers, and get frustrated by the fact they now have multiple accounts again.
I think, to solve this, there needs to be some way to indicate that two OpenIDs refer to the same person, and can be used interchangably. This seems difficult, given how decentralised OpenID is. Maybe allow providers to communicate a list of alternate IDs to the relying party? The relying party then checks to see if they have an account for any of the IDs. If it finds more than one, it asks the user which they want to log in as. If it finds none, it creates a new account using the primary ID.
The provider, obviously, would need to allow their users to specify alternate IDs, and it'd be hard to force that on them, so it wouldn't be implemented universally, but it's a start. Even better, if providers could communicate those /with each other/. So, I add a myOpenID to my Google OpenID as an alternate identity, and Google immediately contacts myOpenID, authenticates, adds itself to my myOpenID as an alternate provider, and then asks for a list of alternate identities. It then repeats the process, recursively adding all of my other OpenIDs.
This still doesn't solve the problem of merging data. But I don't think that can be solved without putting implementation requirements on services and providers, which seems contrary to the OpenID philosophy. But at least it eliminates the main problems of having multiple accounts, or wanting to change your identity provider. And, by making providers aware of all your other identities, they could CHOOSE to merge your data, or at least present the option to do so. (Say, display your other identity and ask if you want to copy any data in from it.)
Its not up to openID,
this would be for the sites themselves to access each other to get things like profile information, or whatever you wanted them to share...
I often wish I didn't have to re-enter profile information
AdminChris Messina (Admin, OpenID) commented
I don't understand how that would work... that would suggest being able to merge multiple URLs... and the only way that would work would be through redirects or forwards, which of course wouldn't work on identities that you don't host or control.
How do you envision this working?
A user should be able to merge multiple OpenID identities, such that the endpoints are mutually aware of the user's identity and can cross-authenticate when queried by an OpenID consumer. As it currently stands users are left with separate identities without a way of unifying them. Having the OpenID consumer store the different OpenID identities to be associated with a user account is inelegant.