This is a prototype post. It documents some thinking I have about where membership systems for various web platforms need to be in terms of capabilities.

- Separation of users, organisations and rights.
- Support for multiple e-mail addresses (e.g. firstname.lastname@example.org or email@example.com).
- Support for authentication via e-mail address or specified username.
- Support for merging accounts.
- Support for other authentication mechanisms (OAuth, OpenID, Facebook, Twitter, ADFS etc).
- Support for constrained delegation (what rights does a specific OAuth token have?).
- All the other requirements for membership providers.
I think the likes of LinkedIn have a good membership system where I can sign in with either my personal address or my work address, but they know both accounts are me. This stops identity fragmentation based on e-mail address. The extension to this is that if you do end up with two accounts you can merge them.
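An added example, not code from the original post: a Python model in which several e-mail addresses or usernames resolve to one account, two accounts can be merged, and a delegated token carries only the rights it was issued with. The class, method and right names are hypothetical, and it assumes ownership of an address and authentication to both accounts are verified before `add_identifier` or `merge` is called.

```python
from itertools import count


class Directory:
    """One account, many login identifiers; tokens carry explicit rights."""

    def __init__(self):
        self._next_id = count(1)
        self.identifiers = {}  # normalised e-mail/username -> account id
        self.tokens = {}       # token -> (account id, frozenset of rights)

    @staticmethod
    def _norm(identifier):
        return identifier.strip().casefold()

    def create_account(self, identifier):
        account_id = next(self._next_id)
        self.add_identifier(account_id, identifier)
        return account_id

    def add_identifier(self, account_id, identifier):
        # Assumption: the caller has already verified ownership of the address.
        key = self._norm(identifier)
        if self.identifiers.get(key, account_id) != account_id:
            raise ValueError("identifier already belongs to another account")
        self.identifiers[key] = account_id

    def resolve(self, identifier):
        """Return the account id for any e-mail address or username, or None."""
        return self.identifiers.get(self._norm(identifier))

    def issue_token(self, account_id, token, rights):
        self.tokens[token] = (account_id, frozenset(rights))

    def token_allows(self, token, right):
        """Constrained delegation: only the rights the token was issued with."""
        entry = self.tokens.get(token)
        return entry is not None and right in entry[1]

    def merge(self, keep_id, absorb_id):
        # Assumption: the user has authenticated to both accounts before merging.
        if keep_id == absorb_id:
            raise ValueError("cannot merge an account into itself")
        for key, owner in self.identifiers.items():
            if owner == absorb_id:
                self.identifiers[key] = keep_id  # every address now resolves to one account
        for token, (owner, rights) in self.tokens.items():
            if owner == absorb_id:
                self.tokens[token] = (keep_id, rights)  # rights are not widened by a merge
```

Keeping identifiers in their own map, separate from the account, is what lets a second address be attached or an account be merged without touching the rights attached to tokens.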