How To - Change an ID

From The Socknet

(Redirected from ID Change)
Jump to: navigation, search

A user may change his OpenID, while keeping his Socknet provider. A service may change its ServiceID as well.

When a user informs his Socknet provider that he has changed his OpenID, it sends a message to all of his friends notifying them of the new OpenID through a call to openid_change. 

foreach entity in (friends, services)
POST openid_change
{ from: { openid: "http://openid.com/changinguser/" },
  new_id: { openid: "http://changinguser.com/" }
}

The entity will run the normal verifications, so the old ID must still exist until this is complete.

Each entity will check id_change_verify on the new ID to ensure that it permits the change.

If it accepts the change, the entity will replace all references to the current ID with the new ID. Old notifications should be changed to point to the new ID.

Considerations

Providers do not have to inform their users that a friend has changed his OpenID, but it doesn't hurt.

Changing your OpenID is not intended as a way to "hide", since everyone finds out the new OpenID and they could easily store the old one some place.

The new OpenID should already be active because friends will attempt to interact with it immediately. If it uses a different provider, that provider must already have the data it requires.

Missing OpenID/Provider Transition

If a provider goes missing, the user can easily redirect his OpenID to a new provider by simply changing the <link> in his OpenID page. No problem there.

If an OpenID goes missing, friends will not be able to verify that the Socknet provider is still correct. This is a problem.

However, the user's friends' providers will know that something is wrong after a few days of failure to contact.

After some time these friends will be amenable to a new friend request with a field called replace.

The friend's provider has the task of explaining to the user that this may not be their real friend at all, and they should be very careful about accepting the replacement.

Of course, if this message is sent and the old provider and OpenID are still accessible via Socknet calls, then the request should be considered very suspicious.

Retrieved from "http://www.socknet.net/w/How_To_-_Change_an_ID"
Personal tools