<!doctype html public "-//W3C//DTD W3 HTML//EN">
<html><head><style type="text/css"><!--
blockquote, dl, ul, ol, li { padding-top: 0 ; padding-bottom: 0 }
--></style><title>Re: [OpenID] Community Opinion on OID 2.1 Discovery
and Id</title></head><body>
<div>>However, with XRD it might be enabled by simply having Google
forward any XRD requests for my google-id over to Facebook, so anybody
requesting my "<a
href="http://david.google.com">david.google.com</a>" XRD get it,
and notice that the canonical id is now "<a
href="http://david.facebook.com">david.facebook.com</a>".</div>
<div><br></div>
<div>That would return us to the "crowded namespace"
problem, and intrude on policy decisions by requiring Google to keep
the "david" username reserved as long as you were around;
Facebook, even once you moved on from *there*, would have to do the
same; as OpenID currently stands, different domains *multiply* the
available namespace, so you can be David Google (David of the Google
family) and thus distinguished from David Facebook (the David at
Facebook).</div>
<div><br></div>
<div>>First of all, there's one arguement to be made that OP's and
RP's should have this authority (to display whatever they want for
you). However, there's a couter-arguement that says the user
should determine what should be displayed.</div>
<div><br></div>
<div>Within reasonable limits, of course (just as the '@' symbol is
banned in usernames on many systems today). RP's don't want users
displaying names for themselves that could be confused for the
OpenID's of other users - and if you expand identifiers to include
more than just URL's, security designers will be looking at a *lot* of
rules about what names can't be used for displaying user
identity.</div>
<div><br></div>
<div>-Shade</div>
</body>
</html>