[OpenID] Fixing usability: can OPs indicate their claimed_id's are PPID's?

[Andrew Arnott]

A usability issue with OpenID is that while "blog.nerdbank.net" makes for a
reasonable "username" for an RP to display as I log in with my "vanity URL",
my Google-given claimed_id at an RP is *not* suitable for display as my
username.  Rather than have RPs hard-code an increasing number of OPs that
issue these, particularly since some OPs can issue PPIDs at some times and
not others based on user preference, can we get OPs to somehow indicate with
the assertion that the identifier is not intended for human consumption?

We already have a way: a PAPE authentication policy with this URI: (which
comes from the ICAM OpenID 2.0 profile)
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier

Can we get Google, and any other OPs that issue these identifiers, to
includes this PAPE policy?

One possibility is to include this PAPE policy in the response if it was
included in the request, but if an RP doesn't particularly want to *request* a
PPID, but merely wants to know if it gets one, requesting this policy in
PAPE doesn't seem appropriate.

Any other ideas?

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091029/57f46bdf/attachment.htm>