<div>A usability issue with OpenID is that while "<a href="http://blog.nerdbank.net">blog.nerdbank.net</a>" makes for a reasonable "username" for an RP to display as I log in with my "vanity URL", my Google-given claimed_id at an RP is <i>not</i> suitable for display as my username. Rather than have RPs hard-code an increasing number of OPs that issue these, particularly since some OPs can issue PPIDs at some times and not others based on user preference, can we get OPs to somehow indicate with the assertion that the identifier is not intended for human consumption?</div>
<div><br></div><div>We already have a way: a PAPE authentication policy with this URI: (which comes from the ICAM OpenID 2.0 profile)</div><a href="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier">http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier</a><div>
<br></div><div>Can we get Google, and any other OPs that issue these identifiers, to includes this PAPE policy? </div><div><br></div><div>One possibility is to include this PAPE policy in the response if it was included in the request, but if an RP doesn't particularly want to <i>request</i> a PPID, but merely wants to know if it gets one, requesting this policy in PAPE doesn't seem appropriate.</div>
<div><br></div><div>Any other ideas?</div><div><br></div><div>--<br>Andrew Arnott<br>"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre<br>
</div>