OpenID : Which one I should use to index a user "openid_identity" or "openid_claimed_id"?

Question

Which one should I use to index a user from a Openid auth proccess. "openid_identity" or "openid_claimed_id"? Im using Dope OpenId class and data returned is :

[openid_ns] => http://specs.openid.net/auth/2.0
[openid_mode] => id_res
[openid_return_to] => http://localhost/login/authenticate
[openid_claimed_id] => https://me.yahoo.com/a/wK7..MjM-#607
[openid_identity] => https://me.yahoo.com/a/wK7...MjM-
[openid_realm] => http://localhost/
[openid_assoc_handle] =>odm...j24yhwlT...2TOXQ9.sifIz3eLZoU.....jOoGM...9VPcMVavQkVgEQ--
[openid_response_nonce] => 2009-09-19T12:35:08Z95e...WtOYlQ--
[openid_signed] => assoc_handle,claimed_id,identity,mode,ns,op_endpoint,response_nonce,return_to,signed,ns.pape,pape.auth_level.ns.nist,pape.auth_level.nist,pape.auth_policies
[openid_op_endpoint] => https://open.login.yahooapis.com/openid/op/auth
[openid_ns_pape] => http://specs.openid.net/extensions/pape/1.0
[openid_pape_auth_level_ns_nist] => http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
[openid_pape_auth_level_nist] => 0
[openid_pape_auth_policies] => http://schemas.openid.net/pape/policies/2007/06/none
[openid_sig] => kO7......EitU=

Thanks

Answer 1

Use the openid.claimed_id parameter as the logical primary key for users. Treat it as case sensitive, and use the entire value. Do not trim off the fragment or the scheme (protocol). Treat "http://" and "https://" protocols as entirely different, even if the rest of the URL is the same. In short, treat the openid.claimed_id as an opaque value that must entirely be stored for new users and entirely be matched for returning users.

The OpenID 2.0 specification explains further, but the short answer is above.