[OpenID] Fixing usability: can OPs indicate their claimed_id's are PPID's?

John Bradley ve7jtb at ve7jtb.com
Thu Oct 29 16:54:24 UTC 2009


I suspect that getting the IdP to support nickname in SREG and AX is  
the shortest path to some solution.

Since it is self-asserted, the user can use a name, email, or URI as
they like.

I suppose that if the IdP is using some nice globally unique URI for  
the person they can always throw that in nickname by default.

It is hard to know if an RP needs a unique nickname for the user.

It would be nice if all RPs used claimed_id for the primary key and
something that doesn't need to be unique for the display name.
Unfortunately a lot of RPs are using the display name as the primary
key.

John B.
On 2009-10-29, at 1:22 PM, Andrew Arnott wrote:

> I agree.
>
> Google and Yahoo don't offer nicknames, last I checked.  That would  
> definitely help alleviate.  AX also has a nickname type URI, so  
> Google could support it.
>
> Some really poor RPs have actually failed to log me in because my OP  
> did offer a nickname, and it didn't happen to fit into the RP's  
> uniqueness constraint.  The RP didn't even give me a chance to  
> choose another.  Yech.
> --
> Andrew Arnott
> "I [may] not agree with what you have to say, but I'll defend to the  
> death your right to say it." - S. G. Tallentyre
>
>
> On Thu, Oct 29, 2009 at 9:20 AM, John Bradley <ve7jtb at ve7jtb.com>  
> wrote:
> Andrew,
>
> If it is a display name for showing to the user, that is what SREG
> nickname is for.
> It doesn't need to be unique.
>
> If it is for showing other people who the user is, that is more
> complicated.
>
> John B.
>
> On 2009-10-29, at 1:15 PM, Andrew Arnott wrote:
>
>> Santosh,
>>
>> Don't forget that some RPs (like mine) don't want the email address  
>> or full name of the user.  OpenID has already solved the problem of  
>> RP and OP recognizing the user.  So I agree this isn't particularly  
>> about the RP or OP -- but more about helping the user recognize  
>> that indeed he is the one logged into the RP he's clicking around  
>> within.  But to do that, we need additional RP-OP communication.   
>> So it is about the RP and OP after all.
>>
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to  
>> the death your right to say it." - S. G. Tallentyre
>>
>>
>> On Thu, Oct 29, 2009 at 9:09 AM, Santosh Rajan  
>> <santrajan at gmail.com> wrote:
>> Hi Andrew,
>> This is really not about the RP or the OP. It is about the "user".
>> If the user agrees, then Google already provides his email address
>> and name.
>> Maybe we need to re-think the whole issue.
>>
>>
>>
>> On Thu, Oct 29, 2009 at 9:18 PM, Andrew Arnott <andrewarnott at gmail.com> wrote:
>> A usability issue with OpenID is that while "blog.nerdbank.net"  
>> makes for a reasonable "username" for an RP to display as I log in  
>> with my "vanity URL", my Google-given claimed_id at an RP is not  
>> suitable for display as my username.  Rather than have RPs hard-code
>> an increasing number of OPs that issue these, particularly
>> since some OPs can issue PPIDs at some times and not others based  
>> on user preference, can we get OPs to somehow indicate with the  
>> assertion that the identifier is not intended for human consumption?
>>
>> We already have a way: a PAPE authentication policy with this URI:  
>> (which comes from the ICAM OpenID 2.0 profile)
>> http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
>>
>> Can we get Google, and any other OPs that issue these identifiers,
>> to include this PAPE policy?
>>
>> One possibility is to include this PAPE policy in the response if  
>> it was included in the request, but if an RP doesn't particularly  
>> want to request a PPID, but merely wants to know if it gets one,  
>> requesting this policy in PAPE doesn't seem appropriate.
>>
>> Any other ideas?
>>
>> --
>> Andrew Arnott
>> "I [may] not agree with what you have to say, but I'll defend to  
>> the death your right to say it." - S. G. Tallentyre
>>
>> _______________________________________________
>> general mailing list
>> general at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-general
>>
>>
>>
>>
>> -- 
>> http://hi.im/santosh
>
>
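
An added example, not part of the original thread or any project's code: RP-side handling along the lines the messages describe, with accounts keyed on claimed_id, the SREG nickname treated as a non-unique display label, and pape.auth_policies checked for the PPID policy URI. It assumes the OP includes that policy in its response (the proposal in the quoted message) and that the assertion has already been verified; `Accounts`, the fallback label and the sample identifiers are hypothetical.

```python
# Added example. Assumes `params` is an OpenID 2.0 positive assertion that the
# RP's library has already verified (signature, nonce, return_to).
PPID_POLICY = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
               "privatepersonalidentifier")
PAPE_NS = "http://specs.openid.net/extensions/pape/1.0"
SREG_NS = "http://openid.net/extensions/sreg/1.1"

def ext_alias(params, ns_uri, default=None):
    """Return the alias the OP bound to an extension namespace."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == ns_uri:
            return key[len("openid.ns."):]
    return default

def is_ppid(params):
    """True if pape.auth_policies lists the PPID policy URI."""
    alias = ext_alias(params, PAPE_NS)
    policies = params.get(f"openid.{alias}.auth_policies", "") if alias else ""
    return PPID_POLICY in policies.split()

def display_name(params):
    """Label shown to the user; self-asserted, so never a key or an authz input."""
    alias = ext_alias(params, SREG_NS, default="sreg")  # SREG 1.0 has no ns key
    nickname = params.get(f"openid.{alias}.nickname", "").strip()
    if nickname:
        return nickname
    # Hypothetical fallback wording when the identifier is not meant for display.
    return "your OpenID account" if is_ppid(params) else params["openid.claimed_id"]

class Accounts:
    """Hypothetical RP store: claimed_id is the primary key, display may repeat."""

    def __init__(self):
        self.by_claimed_id = {}

    def login(self, params):
        key = params["openid.claimed_id"]
        account = self.by_claimed_id.setdefault(key, {"claimed_id": key})
        account["display"] = display_name(params)
        return account

# Constructed sample assertions (identifiers are made up).
PPID_LOGIN = {"openid.claimed_id": "https://op.example/id?id=AItOawk7x",
              "openid.ns.pape": PAPE_NS,
              "openid.pape.auth_policies": PPID_POLICY}
NICK_A = {"openid.claimed_id": "https://alice.example/", "openid.sreg.nickname": "sam"}
NICK_B = {"openid.claimed_id": "https://bob.example/", "openid.sreg.nickname": "sam"}
```

Two users presenting the same nickname both log in here, because uniqueness is enforced only on claimed_id.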
