OpenID:如何最好地将多个OpenID帐户关联到一个用户? [英] OpenID: How to best associated Multiple OpenID Accounts to one User?
问题描述
我是openID的新手.我花了很多时间思考最佳实践是如何为用户提供选择,并使用各种启用了OpenID的帐户登录.
I am a newbie in openID. I spend a lot of time thinking what the best-practices are to give the user the choice, to login with various OpenID enabled accounts.
(我必须进一步阐明,我的系统不是一个只需要简单的一次性身份验证"即可进行博客发布的系统,而是一个像社交网络站点这样的完整系统,在该系统中,用户将始终添加更多信息并编辑他的个人帐户"的现有信息...因此,系统本身需要具有某种与用户所做的工作相关联的帐户".)
(I have to further clarify that my system is not a system that only requires a simple "onetime authentication" for doing a blog posting, but rather is a full system like a socialnetworking site, where a user will always add more information and edit existing information for "his personal account" ...So the system itself requires to have some kind of "account" that will be associated with the work the user does.)
鉴于我没有创建使用mysite的密码和用户名的专用用户帐户",而仅依靠openID登录名的情况,我遇到了以下问题: 当用户"A"(首次)通过"Google帐户"登录时,他所做的一切都将与Google帐户相关联.当他回来并且不单击"Google帐户登录"而是单击"Yahoo登录"时,他将登录,但将创建/获取与Yahoo关联的新帐户.他使用Google帐户所做的一切似乎都丢失了.只是在我的站点上向每个用户发出独立于OpenID的用户名和唯一用户名"(没有密码)是行不通的:好像我在登录时要求提供这个唯一的用户名(没有密码),每个人都可以猜测其他人的用户名并关联一个OpenID跟他们.但是,如果我还必须为此用户名输入密码,那么我最终将失去过去的openID:然后,我必须向用户颁发他可以使用的某种主帐户"(使用usernam和passwort),为了方便起见,请与任意数量的openId帐户关联.但是在这种情况下,比起为什么我有什么理由呢?由于用户无论如何都必须记住我的masterpassword和userid" ...
Given the case that I do not create a "dedicated useraccount with password and username for mysite" and only rely on the openID Logins i ran into the following problem: When User "A" logins in (for the first time) via an "Google Account" then everything he does will be associated with the Google account. When he comes back and does NOT click on the "Google Account Signin" but rather "Yahoo Signin", he will be signed in but will create/get a new Account associated with Yahoo. Everything he did with the Google Account seems to be lost. Simply issuing every user an "openID indepedant and unique username" (without password) on my site doesnt not work: As if I ask for this unique username (without password) when logging in, everybody could guess the username of others and associate an OpenID with them. But if I also have to have a password for this username, than I ended up where we were in the past without openID: Then I have to issue the user some kind of "master account" (with usernam and passwort) that he can, for convenience, associate with any number of openId accounts. But for what reasony do I than have openID in this case? As the user has to remember "my masterpassword and userid" anyway...
=>这是否意味着openID不直接"支持多个帐户的自由选择"?如果我希望用户能够使用任意的openID用户帐户登录(每次登录),则是这样做的唯一方法:
=> Does this mean, that openID does not "directly" support the "free choice" of multiple Accounts? If I want the users to be able to login (for every single login) with an arbitrary openID user-account, is the only way of doing it that way:
1.)用户通过已知的openID帐户"登录=>没什么好做的
1.)User logs in via an "known openID account" => thats fine nothing has to be done
2.)用户通过未知的openID帐户" =>登录,并通过未知的" openId(例如Yahoo)对用户进行身份验证,但是当用户回到我的页面时,请向用户说明该(Yahoo)openID帐户是未知的(=没有进一步的工作与它相关联=它像新帐户一样)并询问他是否最后一次通过其他帐户登录并提供受支持的openID帐户列表.然后,用户可以选择上次使用的提供者之一(例如Google).然后,除了已经进行过登录(使用Yahoo)外,他还必须登录到上次使用的较旧"(Google)帐户.然后,两个帐户都相互关联",并且现在也可以通过较新的(Yahoo)openID帐户/登录来访问较旧(Google)帐户上的任何内容吗?
2.)User logs in via an "unknown openID account" => "authenticate" the user via the "unknown" openId (for example Yahoo) but when the user is back on my page, state to the user, that this (Yahoo) openID account is unknown (=no further work is associcated with it=its like a new account) and ask, if he maybe logged in the last time via an other account and provide the list of supported openID accounts. The user can then choose one of the providers he used the last time (for example Google). He then in addition to the already made login (with Yahoo), he also has to login to the "older" (Google) account he used the last time. Both accounts are then "associated with each other" and any work on on the older (Google) account can now be accessed also via the newer (Yahoo) openID account/login?
或者还有其他方法可以为一个USERACCOUNT支持多个openID帐户"吗?
Or is there any other way to support "multiple openID accounts" for ONE USERACCOUNT?
(我问这个问题的原因:普通最终用户还不太了解OpenID.如果我使用Google,Yahoo和Faceebook的登录信息打印了一个大列表,将会有很多用户使用Google作为初始用户登录,但是下次他们回来时可能会选择Facebook(因为他们刚刚离开了Facebook网站,点击Facebook图标更具吸引力),这就是过去"15年"中网站"的运作方式:一种单一的登录方式:一个用户名输入字段"和一个密码输入字段",如果我现在打印一个庞大的帐户列表,其中一个用户拥有一个帐户,则每天可能使用不同的帐户登录因此,理想的情况是用户可以通过我的openID-Provider列表中的任意帐户登录,并使所有帐户彼此关联" ...
(The reason why I am asking this: OpenID is not so much known to normal endusers yet. If I print a large list with logins from Google, Yahoo to Faceebook there will be a lot of users that use Google for their initial Login, but the next time they come back maybe choose facebook (as they just left the facebook site and its more appealing to click on the facebook icon). This is how "websites worked" for the last "15 years": There was only one single way to login: One Username-Input-Field and One Password-Input Field. If I print now a huge list of account where a user has an account with each of them, the might to login with different Accounts from day to day not understanding the problem this will lead to. So the ideal world would be that a user can login via an arbitrary account of my openID-Provider list and will have all the accounts "associated" with each other...
我希望能够描述我的问题所在.
I hope I was hable to describe what my problem is.
我真的很感谢您的帮助和想法(也许我在这里完全被误解了)
I really appreciate your help and ideas (mybe I am completely misunderstood here something)
非常感谢! 扬
推荐答案
OpenID是一种身份验证机制,而不是配置文件存储机制.您仍应为网站上的人员拥有一个唯一标识符,并应保留一条记录,该记录以与存储与该唯一标识符相关的密码的方式相同的方式存储与该唯一标识符相关的OpenID.
OpenID is an authentication mechanism, not a profile storage mechanism. You should still have a unique identifier for the person on your site, and should maintain a record which stores the OpenID in relation to that unique identifier in the same way you would store a password related to that unique identifier.
这篇关于OpenID:如何最好地将多个OpenID帐户关联到一个用户?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
