Forum OpenACS Development: Policy on changing username

Posted by Lars Pind on
What's our policy on users changing their usernames?

Is this at all possible?

Does anyone know of public sites that use usernames, and let users change their username?

If we do allow it, we have these concerns:

A) if you're a local OpenACS user, we should make sure there are no other local OpenACS users using the same username.

B) if you're a remote user, we should make sure you can successfully authenticate against that remote server.

Here are the options:

1) Usernames cannot be changed

2) Site-wide admins can change usernames

3) Local users can change their usernames, remote users cannot, but site-wide admin can change the usernames for them.

4) All users can change their username, but remote users have to re-authenticate.

5) Something else?


Posted by Janine Ohmer on
Currently, anyone with access to either of the user admin pages (/acs-admin/users or /dotlrn/admin/users) can change a user's e-mail address (I know you are talking about a new username field, but I think they are functionally equivalent here).

It seems to me that this would be a minimum level of desired functionality; people do sometimes regret the cutesy username they picked before they cared about their standing in the community. :) And of course e-mail addresses do change as well. It would be better if users could do this themselves, but I think it's important that admins are able to do it.

I haven't given any thought to authentication issues so I won't comment on that aspect.

Posted by Andrew Piskorski on
If you are allowed to use your email address as your username, then yes you must be able to change your own username. Can you imagine how obnoxious it would be to change your email address, and have the site let you change that, but then keep having to type in your old email address as your username in order to log in? Yuck.

Posted by Raad Al-Rawi on
I think the options depend on whether we are talking about a username or email address being used as the identifier.

If it's an email address (as currently), it would seem sensible (even essential) to allow all/any user to change it, and I would strongly consider re-authenticating in this case (i.e. email verification) to safeguard against mistakes. Of course, the system should check first to see if that address is already in use!

If it's a username (presumably tied to an email address), I see it as less of an issue - check the username is not already used, and let any user change it.