Making OpenIDs public (for reputation/trust aggregation) - etiquette, UI and sample text?

Dan Brickley danbri at danbri.org
Sun Jan 10 19:16:13 UTC 2010


Hi folks,

I am looking at techniques for sharing and aggregating metadata about
OpenIDs, so that -for example- a 'public record' of perceived good
behaviour can be used in blogs and wikis to fast-track approval of
comments/edits. Doing this would need sites to make public feeds of
OpenIDs along with various bits of metadata, such as the fact that one
or more contributions have been accepted into a blog/wiki. This is not
something to do lightly, so I thought it might be useful to raise the
topic here: how can a site be sure it has the informed consent of its
OpenID-using users, when exposing information about their openid usage
in public.

Is there any emerging best practice here? Is there any commonplace
text in use amongst sites that make this sort of data public?

For example, in my own blog I currently use this text, which shows as
a warning before someone signs in to leave a comment:

"By creating an account or logging on this site, please be away that
your comments (and any OpenID account URLs) will be public and that
this information may show up elsewhere on the Web.".

(I just made this up. I would have been happy to have a standard form
of words to use)

I think it's quite likely (especially given the arms-race with
spammers) that reputation/karma services for OpenIDs will become
popular. And that some (but not all) OpenIDs will be well known as
associated with real-life identifiable people; and so associated with
reputation of the person, rather than just of the online account. In
such a context it seems important to be able to communicate the risks
(and potential benefits) of information flow to users, and to have
enough agreement on the basics that supprting text can be
translated/adapted for different languages and audiences.

I have sample code in progress for both wordpress and mediawiki, but
don't want to push it out for wider experimental use without
addressing this issue. Thanks for any thoughts...

cheers,

Dan


More information about the user-experience mailing list