Unique usernames on OpenID sites
weblivz at hotmail.com
Wed Jan 14 22:05:38 UTC 2009
This is actually a very good point to raise and one I wish other sites would
raise more often.
Here is my take on it. I have a site that both provides OpenID's and
consumes OpenID's - from any web site.
I have a similar scenario to yours BUT, I use a "normalize" function to
create a unique name based on the OpenID (it's really just the OpenID but
removing some special characters etc) and allow the user to provide a
The OpenID's are by definition unique so creating another key to manage
wasn't something that made sense to me - is there a good reason you are
doing this? Perhaps you want to allow for a "display name" that is unique
across your site?
From: user-experience-bounces at openid.net
[mailto:user-experience-bounces at openid.net] On Behalf Of Cornelius
Sent: 14 January 2009 21:42
To: user-experience at openid.net
Subject: Unique usernames on OpenID sites
I'm working on a web site which uses OpenID for authentication. In addition
the (potentially multiple) OpenID associated with an account we also create
an unique username which can be edited by the user. We have an additional
display name which we use to show users in the UI, but we use this username
for uniquely identifying users when it's important to have a unique way of
identifying users, e.g. when giving another user access rights or in the
We don't show the OpenID at all.
While this solution seems to work, I would be interested in comments, if
there are better ideas or practices how to do that.
I looked at the relying party best practices page at
https://openid.pbwiki.com/Relying-Party-Best-Practices, but it doesn't seem
to have a real answer to that. In fact it's somewhat inconsistent, because
advises to not show the OpenID without user's approval, but also recommends
to use the OpenID as unique identifier instead of a site-specific unique
username. For some cases this doesn't work together.
Cornelius Schumacher <cschum at suse.de>
user-experience mailing list
user-experience at openid.net
More information about the user-experience