I read on a comment that the data shared is done "according to settings," so a little pointer to where exactly those settings (specific to OpenID or otherwise) are in popular OP would be more than helpful.Toki Tahmid shared this idea ·
74 votesAdminChris Messina (Admin, OpenID) responded
There’s nothing in the OpenID protocol that would really allow this, especially from the data side of things. Unlike, say, credit cards, where you can transfer your balance between different providers, data transfer between different OPs requires a bit more leg work.
What kind of data are you talking about?
What kind of data is universal and shared during OpenID authentication? There's obviously names, but what other general data is there? More than a merger the bigger issue is that multiple services can provide disparate identities for a single user, but there is no means to relate them to each other.
Here's an example I faced: I have already been a Google users for many a years, and recently got involved in the Ubuntu (Linux-based OS) community. So off I went to register a Launchpad account to submit some translations. Suddenly there's a problem with a new piece of hardware so I go to Ask Ubuntu (Q&A service by StackExchange) to ask for support there, and to login they provide a stock list of known OpenID providers including Google and Launchpad. So I login with Launchpad seeing as it's associated with Ubuntu and all, and happily do my thing. At a later time I went back to Ask Ubuntu and need to login again. I see Google, I use it to login, but then I can't edit my existing posts. What went wrong? Separate OpenID for same user went wrong.
So basically, we need some sort of cross-talk between OpenID providers to really have an universal ID on the web. If there isn't a protocol to do so, one needs to be created. Such that when I login to Ask Ubuntu using Google, Ask Ubuntu will be informed there's a Launchpad OpenID that's the same person too. There are some services that allow different OpenIDs to be associated with a single user, but that only takes place on the login side, only if they choose to do so. That's not a solution.
As for the master account thing, can we have an interface provided by you to access whatever OpenID refers to me, and see what information they share? OpenID providers aren't terribly open about being an OpenID provider. Heck, I didn't know Google did OpenID until I was faced with the Launchpad versus Google OpenID debacle. They sure don't provide a page detailing what kind of information is shared using OpenID and what can be shared for that matter. A little clarification on that will be more than welcome. If the above ideas I expressed needs to be registered separately, please do inform me and I will promptly do so.
I'm in agreement with this proposal. The widespread and decentralized use of OpenID has resulted in multiple ID from OpenID itself, resulting in the partial recurrence of the problem OpenID was meant to solve - i.e. a single universal signing up solution. If I've a Google account and a Y! account, it results in two web-based identity again. So I'm suggesting a central system to link two OpenID into one unique OpenID that represents my identity from both Google and Yahoo!
That’s a great idea. It’s certainly something that OPs and RPs should take into consideration.
There is currently some conversations going on about an OpenID Security Best Practices document; while the spec shouldn’t mandate SSL, it certainly should present the case for supporting it, ideally in a best practices doc.