Another small milestone in PersonalJournal project - Journal of Omnifarious
Aug. 23rd, 2008
03:22 pm - Another small milestone in PersonalJournal project
Now my PersonalJournal project allows people to register. It automatically brings them to a registration page if they log in with an unknown OpenID. It also uses the OpenID SReg (Simple Registration) extension to try to fetch registration information for a new OpenID to auto-fill in many of the form fields when registering them.
I think I'm going to work on a simple posting interface now. I'm going to allow a given PersonalJournal instance to host posts by multiple users, but I'm going to require that they be given permission to post by a site administrator.
One interesting case is mentioning someone in a post using their OpenID when the OpenID's owner hasn't registered at the site yet. I think I will give that OpenID a stub registration that the owner can change if the OpenID owner registers with that OpenID.
Another interesting case is when a posting user believes that several different OpenIDs refer to the same owner. That's tricky. Right now I allow several different OpenIDs to be tied to the same 'user'. And then all access control is on the basis of 'user', ot OpenID.
I think that what I will do is only allow the owner of an OpenID to tie that OpenID to any others. And the user can 'take over' an OpenID from a different user if they can prove they are the id's owner. This will only work if the OpenID being taken over is associate with a 'user' that has one and only one OpenID associated with it. Then the user will be deleted and all other references to the taken over user will be changed to refer to the taking over user.
It is tempting to only allow automatically created user's who have never registered and turned into 'real' users to be taken over, but someone might log in and register using one of their alternate OpenIDs once without realizing what they're doing and then need to suck that OpenID into the main user they are reigistered under. It would be nice to be able to do that without admin intervention.