[OpenID] Fixing usability: can OPs indicate their claimed_id's are PPID's?

John Bradley ve7jtb at ve7jtb.com
Thu Oct 29 16:20:22 UTC 2009 

Andrew,

If it is a display name for showing to the user that is what SREG  
nickname is for.
It doesn't need to be unique.

If it is for showing other people who the user is that is more  
complicated.

John B.
On 2009-10-29, at 1:15 PM, Andrew Arnott wrote:

> Santosh,
>
> Don't forget that some RPs (like mine) don't want the email address  
> or full name of the user.  OpenID has already solved the problem of  
> RP and OP recognizing the user.  So I agree this isn't particularly  
> about the RP or OP -- but more about helping the user recognize that  
> indeed he is the one logged into the RP he's clicking around  
> within.  But to do that, we need additional RP-OP communication.  So  
> it is about the RP and OP after all.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the  
> death your right to say it." - S. G. Tallentyre
>
>
> On Thu, Oct 29, 2009 at 9:09 AM, Santosh Rajan <santrajan at gmail.com>  
> wrote:
> Hi Andrew,
> This is really not about the RP or the OP. It is about the "user".  
> If the user agree's then Google already provides his email address,  
> and name.
> Maybe we need to re-think the whole issue.
>
>
>
> On Thu, Oct 29, 2009 at 9:18 PM, Andrew Arnott  
> <andrewarnott at gmail.com> wrote:
> A usability issue with OpenID is that while "blog.nerdbank.net"  
> makes for a reasonable "username" for an RP to display as I log in  
> with my "vanity URL", my Google-given claimed_id at an RP is not  
> suitable for display as my username.  Rather than have RPs hard-code  
> an increasing number of OPs that issue these, particularly since  
> some OPs can issue PPIDs at some times and not others based on user  
> preference, can we get OPs to somehow indicate with the assertion  
> that the identifier is not intended for human consumption?
>
> We already have a way: a PAPE authentication policy with this URI:  
> (which comes from the ICAM OpenID 2.0 profile)
> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
>
> Can we get Google, and any other OPs that issue these identifiers,  
> to includes this PAPE policy?
>
> One possibility is to include this PAPE policy in the response if it  
> was included in the request, but if an RP doesn't particularly want  
> to request a PPID, but merely wants to know if it gets one,  
> requesting this policy in PAPE doesn't seem appropriate.
>
> Any other ideas?
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the  
> death your right to say it." - S. G. Tallentyre
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
>
> -- 
> http://hi.im/santosh
>
>
>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091029/3b85866f/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2468 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091029/3b85866f/attachment.bin>

More information about the general mailing list