Call directed identity "anonymous login"? (was RE: concerns about each user having a unique "URL")

[Dick Hardt]

Peter

wrt. Q1:

I think private identifier maps well for people. Our UX testing has  
found people understand that no one sees it. Not sure they need to  
understand much more then that.

wrt. Q2

We have used the term Homesite. People know it is a "URL thing". Keep  
in mind most people don't know what a URL is. They know a web  
address. Remember it is called an address bar in browsers.

See this screenshot:
	http://whobar.org/screenshots

This discussion should probably be moved over the the user experience  
list, cc'ed.

-- Dick

On 12-Nov-06, at 11:58 AM, Peter Watkins wrote:

> James A. Donald wrote:
>> Drummond Reed wrote:
>>> The term Josh uses, "IdP-driven identifier selection",
>>> is technically accurate, but somewhat like "directed
>>> identity", I fear I it will be lost on the general
>>> public.
>>>
>>> The best candidate I can think of so far is "anonymous
>>> login", because that seems to go straight to the heart
>>> of the benefit to the End User.
>
> I think there are a couple questions here:
>  1) what to call this "directed identity" process
>  2) what to call the URL that a user would enter to
>     utilize such a process
>
> I keep finding myself drawn to the second question. While the first
> question is somewhat esoteric (what should the developers and  
> sysadmins
> call it), the second question is focused on user interface and
> education, and I think that's the more important concern.
>
> The best phrasing I've come up with is based on on the notion of an
> "authority" ("identity provider" is too abstract and technical;
> "institution", "domain" and "corporate" not quite accurate).
>
> My answer to the second question is an "OpenID authority URL".
>
> Users would be asked to enter either
>  - an iName (=beth),
>  - an "individual OpenID URL" (beth.pip.verisignlabs.com), or
>  - an "OpenID authority URL" (pip.verisignlabs.com)


>
> I think this is both more accurate than terms like "anonymous login"
> (some sites like my employer's will use this not for anonymity, but to
> avoid the complexities of managing individual user URLs) and
> "privacy-protected login" (the RP might insist on the GUID or other
> attributes that don't really preserve privacy), and easier to  
> comprehend
> (the difference between "individual" and "authority"). Instead of a  
> URL
> unique to that user, the "authority URL" identifies a party that can
> vouch for the user.
>
> The "private" vs. "public" wording seems ripe for confusion. In this
> discussion, we'd probably call "pip.verisignlabs.com" the "private"  
> URL
> because it would be used when the individual wanted to choose what
> information the IdP gave to the RP -- preserving some "privacy". But
> "private" also implies something reserved for the individual, and
> "public" implies something known or accessible to all -- gmail.com  
> being
> better known than, say, my gmail address. I find it too easy to get  
> the
> private/public identifiers reversed.
>
> With phrasing like "OpenID authority URL" or "OpenID authority
> identifier", this process might then be called something like
> "authority-driven identification", but in the specs it could just as
> well be called IdP-driven identification, etc.
>
> -Peter
>
>> Cypherpunks and the cryptonomicon discuss identity at
>> considerable length.  In their terminology, it is nymous
>> login.
>>
>> The user can have as many nyms as he pleases, thereby
>> controlling the extent to which his identity is
>> revealed.  "Nym" merely means name, but the association
>> with "anonymous" and "pseudonym" implies that it can
>> easily be a cheap and disposable name, or a name that is
>> one of a rather large number of names that cannot be
>> easily linked to each other by outsiders.
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general