Using openID has brought up some questions that I'm hoping the SO community can help me answer.
From what I've read, one of the main goals of openID is to eliminate the need for someone to create yet another username and password for some site they may only use once. While I think this is a really awesome idea, it does cause one point of confusion:
Usernames are used not only as an authentication device (login credentials), but as a means of identifying a user as they create content on a website (comments, thread posts, etc.).
My Concerns
Imagine the following scenario:
My Questions
Thanks again, SO community for your time and help with this. You guys are awesome.
How do you restrict openID authentication to a very specific subset of people?
Can't you just make an account for them, and disable registrations, so that only they can sign in? When using OpenID, you still have user accounts, so you can do similar restrictions to what you could do normally. You can treat the OpenID similar to a username and only allow certain OpenIDs to register/login.
How do you set up accounts for people who have yet to authenticate to your site using OpenID?
I'd probably ask for a display name during the registration process. Some OpenID providers pass a display name back after authentication, which you could probably use if it's not taken on your site yet.
eBay has one method for avoiding confusion/fraud with name changes (or did a few years back). For 30 days or something like that, there is a badge next to your name that says you just changed your name. If you wanted to, you could even provide full name history.
As far as limiting access, they still have accounts on your site that are created by your site's code. OpenID just provides the authentication mechanism. You could still require, say, that all new users are validated by an admin before they can access important parts of your site.
Another way to describe it is to think of authentication and authorization as two different concepts. OpenID only covers authentication. Your site would manage the authorization for an authenticated account.
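The split the answers above describe (OpenID proves who someone is, the site's own account record decides what they may do) can be sketched as follows. This is an added example, not code from any of the answers; `Site`, `Account` and `normalize` are hypothetical names, the identifiers are constructed, and it assumes an OpenID library has already verified the assertion before `login` is called.

```python
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

def normalize(claimed_id: str) -> str:
    """Simplified comparison form (an assumption of this example):
    lower-case the host only. The fragment is kept as part of the identifier."""
    p = urlsplit(claimed_id.strip())
    if p.scheme not in ("http", "https") or not p.netloc:
        raise ValueError("identifier must be an http(s) URL")
    return urlunsplit((p.scheme, p.netloc.lower(), p.path or "/", p.query, p.fragment))

@dataclass
class Account:
    claimed_id: str
    display_name: Optional[str]   # None means: ask the user to pick one
    approved: bool                # authorization flag owned by this site

class Site:
    def __init__(self, allowed_ids=(), open_registration=False):
        self.allowed = {normalize(i) for i in allowed_ids}  # pre-provisioned by an admin
        self.open_registration = open_registration
        self.accounts = {}
        self.names = set()

    def login(self, verified_id: str, suggested_name: Optional[str] = None) -> Account:
        """Call only after the OpenID library has verified the assertion."""
        cid = normalize(verified_id)
        if cid in self.accounts:
            return self.accounts[cid]
        if cid not in self.allowed and not self.open_registration:
            raise PermissionError("identifier is not on the allow-list")
        name = suggested_name
        if not name or name.lower() in self.names:
            name = None           # provider sent no name, or it is already taken
        else:
            self.names.add(name.lower())
        # Self-registered accounts start unapproved until an admin validates them.
        acct = Account(cid, name, approved=cid in self.allowed)
        self.accounts[cid] = acct
        return acct

    def can_access(self, acct: Account, area: str) -> bool:
        # Authentication said who this is; this decides what they may do.
        return area == "public" or acct.approved
```

The account is keyed on the verified identifier, not on the display name, so a provider-supplied name can never grant access by itself.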