Unique usernames on OpenID sites

Steven Livingstone-Perez weblivz at hotmail.com
Wed Jan 14 22:05:38 UTC 2009


This is actually a very good point to raise and one I wish other sites would
raise more often.

Here is my take on it. I have a site that both provides OpenIDs and
consumes OpenIDs - from any web site.

I have a similar scenario to yours BUT, I use a "normalize" function to
create a unique name based on the OpenID (it's really just the OpenID but
removing some special characters etc) and allow the user to provide a
"display name".

The OpenIDs are by definition unique so creating another key to manage
wasn't something that made sense to me - is there a good reason you are
doing this? Perhaps you want to allow for a "display name" that is unique
across your site?

Steven
http://livz.org

-----Original Message-----
From: user-experience-bounces at openid.net
[mailto:user-experience-bounces at openid.net] On Behalf Of Cornelius
Schumacher
Sent: 14 January 2009 21:42
To: user-experience at openid.net
Subject: Unique usernames on OpenID sites

I'm working on a web site which uses OpenID for authentication. In addition
to the (potentially multiple) OpenIDs associated with an account we also
create a unique username which can be edited by the user. We have an
additional display name which we use to show users in the UI, but we use
this username for uniquely identifying users when it's important to have a
unique way of identifying users, e.g. when giving another user access rights
or in the API. We don't show the OpenID at all.

While this solution seems to work, I would be interested in comments, if
this is the best possible way to implement it in terms of user experience,
or if there are better ideas or practices how to do that.

I looked at the relying party best practices page at
https://openid.pbwiki.com/Relying-Party-Best-Practices, but it doesn't seem
to have a real answer to that. In fact it's somewhat inconsistent, because
it advises to not show the OpenID without the user's approval, but also
recommends to use the OpenID as unique identifier instead of a site-specific
unique username. For some cases this doesn't work together.

-- 
Cornelius Schumacher <cschum at suse.de>
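
An added example, not code from either poster: a character-stripping "normalize" step of the kind described in the reply can map two different OpenIDs to one name, so this sketch keeps the canonical OpenID as the account key and derives an opaque handle that can be shown without revealing the OpenID. The function names, `SITE_KEY` and the sample URLs are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholder; a real site would load this from secret storage.
SITE_KEY = b"constructed-demo-key"

def canonical_openid(identifier: str) -> str:
    """Canonicalize a URL-form identifier (XRIs and default-port folding omitted)."""
    ident = identifier.strip()
    if "://" not in ident:
        ident = "http://" + ident          # OpenID 2.0 default scheme
    parts = urlsplit(ident)                 # urlsplit lowercases the scheme
    if parts.scheme not in ("http", "https") or not parts.hostname or "@" in parts.netloc:
        raise ValueError("not a plain http(s) OpenID URL")
    host = parts.hostname                   # .hostname is lowercased
    if parts.port:
        host += f":{parts.port}"
    # Empty path becomes "/", the fragment is dropped.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))

def stripped_name(identifier: str) -> str:
    """Hypothetical lossy form: scheme and special characters removed."""
    rest = canonical_openid(identifier).split("://", 1)[1].lower()
    return re.sub(r"[^a-z0-9]", "", rest)

def site_handle(identifier: str, length: int = 16) -> str:
    """Opaque, stable handle that does not reveal the OpenID."""
    mac = hmac.new(SITE_KEY, canonical_openid(identifier).encode("utf-8"), hashlib.sha256)
    # Truncation can still collide in principle, so the canonical OpenID
    # (under a UNIQUE constraint) remains the account key; this is a label.
    return "u" + mac.hexdigest()[:length]

if __name__ == "__main__":
    a, b = "https://a-b.example.com/", "https://ab.example.com/"   # constructed
    print(stripped_name(a) == stripped_name(b))   # distinct users, same stripped name
    print(site_handle(a), site_handle(b))
```
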