[OpenID] Fixing usability: can OPs indicate their claimed_id's are PPID's?

Thu Oct 29 16:22:29 UTC 2009

I agree.

Google and Yahoo don't offer nicknames, last I checked.  That would
definitely help alleviate.  AX also has a nickname type URI, so Google could
support it.

Some really poor RPs have actually failed to log me in because my OP did
offer a nickname, and it didn't happen to fit into the RP's uniqueness
constraint.  The RP didn't even give me a chance to choose another.  Yech.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - S. G. Tallentyre

On Thu, Oct 29, 2009 at 9:20 AM, John Bradley <ve7jtb at ve7jtb.com> wrote:

> Andrew,
>
> If it is a display name for showing to the user that is what SREG nickname
> is for.
> It doesn't need to be unique.
>
> If it is for showing other people who the user is that is more complicated.
>
> John B.
>
> On 2009-10-29, at 1:15 PM, Andrew Arnott wrote:
>
> Santosh,
>
> Don't forget that some RPs (like mine) don't want the email address or full
> name of the user.  OpenID has already solved the problem of RP and OP
> recognizing the user.  So I agree this isn't particularly about the RP or OP
> -- but more about helping the user recognize that indeed he is the one
> logged into the RP he's clicking around within.  But to do that, we need
> additional RP-OP communication.  So it is about the RP and OP after all.
>
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the death
> your right to say it." - S. G. Tallentyre
>
>
> On Thu, Oct 29, 2009 at 9:09 AM, Santosh Rajan <santrajan at gmail.com>wrote:
>
>> Hi Andrew,
>> This is really not about the RP or the OP. It is about the "user". If the
>> user agree's then Google already provides his email address, and name.
>> Maybe we need to re-think the whole issue.
>>
>>
>>
>> On Thu, Oct 29, 2009 at 9:18 PM, Andrew Arnott <andrewarnott at gmail.com>wrote:
>>
>>> A usability issue with OpenID is that while "blog.nerdbank.net" makes
>>> for a reasonable "username" for an RP to display as I log in with my "vanity
>>> URL", my Google-given claimed_id at an RP is *not* suitable for display
>>> as my username.  Rather than have RPs hard-code an increasing number of OPs
>>> that issue these, particularly since some OPs can issue PPIDs at some times
>>> and not others based on user preference, can we get OPs to somehow indicate
>>> with the assertion that the identifier is not intended for human
>>> consumption?
>>>
>>> We already have a way: a PAPE authentication policy with this URI: (which
>>> comes from the ICAM OpenID 2.0 profile)
>>>
>>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
>>>
>>> Can we get Google, and any other OPs that issue these identifiers, to
>>> includes this PAPE policy?
>>>
>>> One possibility is to include this PAPE policy in the response if it was
>>> included in the request, but if an RP doesn't particularly want to *
>>> request* a PPID, but merely wants to know if it gets one, requesting
>>> this policy in PAPE doesn't seem appropriate.
>>>
>>> Any other ideas?
>>>
>>> --
>>> Andrew Arnott
>>> "I [may] not agree with what you have to say, but I'll defend to the
>>> death your right to say it." - S. G. Tallentyre
>>>
>>> _______________________________________________
>>> general mailing list
>>> general at lists.openid.net
>>> http://lists.openid.net/mailman/listinfo/openid-general
>>>
>>>
>>
>>
>> --
>> http://hi.im/santosh
>>
>>
>>
> _______________________________________________
> general mailing list
> general at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-general
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20091029/5e26ae32/attachment-0001.htm>