[OpenID] Relying Party Best Practices

Dmitry Shechtman damnian at gmail.com
Sat Mar 10 07:14:05 UTC 2007


> If someone has a mini-profile page (say for example on a forum),
> OpenID identifiers need not always be shown!

I don't think choosing local usernames necessarily means exposing users'
OpenIDs. phpbb-openid uses very simple heuristics for deriving usernames
from the simple registration nicknames.

As for "private by default", I disagree. Quoting the phpbb-openid FAQ:

Q: Will my OpenID be visible to others?

A: That's totally up to. When you log in for the first time, your OpenID is
filled into your Website field. You may quickly replace or remove it by
editing your profile. [...]


Regards,
Dmitry
=damnian




More information about the general mailing list