[OpenID] Identity in the browser - IDIB

SitG Admin sysadmin at shadowsinthegarden.com
Fri Aug 8 21:54:38 UTC 2008 

>Having the extension detect that the site I am on could be an OP 
>would be more interesting.

It could also be more confusing, with the large and growing number of 
sites acting as OP's; they go to one site, get a notification that 
they can use it as their OP, say "okay", maybe set things up; next 
site, they get the same offer, and so on :(

>The user not needing to know their identifier(s) can dramaticly 
>simply the user experience

It can also endanger their privacy. If the user isn't aware that 
they're posting, say, the URI to their photo collection (if that's 
the OP they settled on using when the extension installed and began 
detecting their possible OP's), they may go ahead and begin using it 
everywhere. Or, if their E-mail address (real first/last name?) maps 
to a default URI of the same (first/last name), they've suddenly 
given away a lot more than they may have been aware was even possible.

Using first/last name in E-mail addresses makes sense because you 
"know" who you're getting in contact with, and/or can easily remember 
the address knowing the name. I think it's important for users to 
have a better grasp of the concept of identity, and be able to 
recognize first/last name as an optional quality thereof, not an 
essential component in the determination thereof.

It would also be nice for sites newly becoming OP's to explicitly 
warn users that using the associated URI will make certain 
information available to anyone visiting the sites they use OpenID 
at. If the user goes straight to trying to use their new OP (without 
having to enable it or anything), the site should give them this 
warning the first time. The user could visit their URI anonymously 
(not logged in) to begin exploring and see for themselves what was 
visible, but since the site (presumably) already has access to its 
own settings for what information is private and what isn't, it 
doesn't seem like it would be difficult for the site to conveniently 
remind the user.

-Shade

More information about the general mailing list