[OpenID] Relying Party Best Practices
jpanzer at aol.net
Thu Mar 8 00:24:54 UTC 2007
Simon Willison wrote:
> On 3/7/07, Martin Atkins <mart at degeneration.co.uk> wrote:
>> I created this page on the wiki ages ago but never really did much to
>> promote it. I just added a few more items of my own, and restructured it
>> a little bit:
>> My thinking is that we could produce a bunch of best practices organised
>> into different "quality levels", which would hopefully cause sites to
>> aim towards maximum quality wherever possible, while making it clear
>> which things are pretty-much required for any kind of useful
>> implementation and which are just "would-be-nice" requirements.
> That's a really great list. I have one query about it:
> - Many-to-one relationship between Identity URLs and "user accounts"
> - Don't require users to choose locally-unique usernames
> These appear to be conflicting recommendations. For the second one,
> you advocate using the OpenID identifier as the primary identifier for
> a user, but in the first you emphasize that a user account should be
> able to have more than one OpenID associated with it. Even if you ask
> the user to select their "primary" OpenID you still run into problems
> should they later ditch that one in favour of another. This could
> definitely be clarified.
If you assume that the local user account need not have a local username
(perhaps just an autogenerated UID), does this resolve the problem?
OpenID1 --> UID1
OpenID2 --> UID1
No local user name, yet they can ditch OpenID1 without affecting OpenID2.
"[TODO: Perhaps define a rel="..." keyword for OpenID identifiers, so
that interested software can grovel for them?]"
I think that the hCard microformat handles this nicely, using "uid":
<span class="vcard"><a class="url fn uid"
(Per related discussions on microformats-discuss mailing list.)
I really like this page. I wonder if it's appropriate to start
documenting "commonly used attributes" in which RPs are commonly
interested? (Nickname, website, email...)
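
The many-to-one mapping sketched above (OpenID1 and OpenID2 both resolving to UID1), as an added example that is not part of the original message or the wiki page: a minimal SQLite-backed store in Python. The table names, function names and sample identifier URLs are assumptions, and every identifier passed in is assumed to have already completed OpenID verification.

```python
import sqlite3
import uuid

SCHEMA = """
CREATE TABLE accounts (uid TEXT PRIMARY KEY);
CREATE TABLE identities (
    openid TEXT PRIMARY KEY,   -- one identifier maps to exactly one account
    uid    TEXT NOT NULL REFERENCES accounts(uid)
);
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    return db

def login(db, openid):
    """Return the uid for a verified identifier; create an account on first sight."""
    row = db.execute("SELECT uid FROM identities WHERE openid = ?", (openid,)).fetchone()
    if row:
        return row[0]
    uid = uuid.uuid4().hex  # autogenerated UID, never a user-chosen username
    with db:
        db.execute("INSERT INTO accounts VALUES (?)", (uid,))
        db.execute("INSERT INTO identities VALUES (?, ?)", (openid, uid))
    return uid

def attach(db, uid, openid):
    """Link a second verified identifier to an existing account."""
    try:
        with db:
            db.execute("INSERT INTO identities VALUES (?, ?)", (openid, uid))
    except sqlite3.IntegrityError:
        raise ValueError("identifier already linked, or no such account")

def detach(db, uid, openid):
    """Drop an identifier, but never the last one (that would lock the user out)."""
    n = db.execute("SELECT COUNT(*) FROM identities WHERE uid = ?", (uid,)).fetchone()[0]
    if n <= 1:
        raise ValueError("cannot remove the only identifier on an account")
    with db:
        cur = db.execute("DELETE FROM identities WHERE openid = ? AND uid = ?", (openid, uid))
    if cur.rowcount == 0:
        raise ValueError("identifier is not linked to this account")
```

The primary key on the identifier column is what stops one OpenID from being claimed by two accounts; the UID is the only key other tables should reference.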