Identity display [was: openId - sorua]
work at zefiro.de
Wed Jul 13 01:43:29 PDT 2005
About displaying of identities:
>> Another question: The example on http://www.openid.net/ says 'Hello,
>> Brad! You're now logged in to someblog.com as Brad from LiveJournal'.
>> How does the consumer know that i'm 'Brad' or that i come from
>> 'LiveJournal', i.e. how can it determine these strings from my Identity?
I would like it best if I could explicitely state how I want to be
displayed. That's like having one login name and passwort used for login
(which will both be replaced by OpenID, URI and Server-confirmation,
respectively) and one name which is displayed. Some sites use this, most
don't - for the simple reason that there's no need, users are unique
inside this site and the names usually look quite neat.
With OpenID the (login) names don't look that good any more, 'cause they
are URIs, not really names. 'Zefiro.de' might be ok and cool, but
'freeopenidprovider.net/users/europe/fahring3' is not.
Names are about recognition. Especially in forums, communities, etc. which
was named as the primary target for OpenID. So they have to be mnemonic.
OTOH they also have to be somewhat unique. So letting the user freely
choose a name might also be problematic in some cases. I think this really
depends on the consumerside application and target audience.
I'd propose that consumers use the OpenID-URI as a login name, but let the
users choose a different name for display. It should be in a way that
everyone can easily see the OpenID-URI (e.g. it's displayed underneath or
is the linktarget for the displayed user, or on the user profile page) but
still the primary seen name is displayed in a much nicer (shorter,
I think it might be best to include a metatag 'wanted display name'
(openid.display, as string, allowed characters and length have to be
defined) in the html-page the OpenID-URI points to and use this as a
suggestion for consumers. Stateful (i.e. maintaining an own userdatabase)
consumers might also let the user choose a different display name for
their sites and impose restrictions like 'no two identical display names
(for this consumer)'.
I think of communities as example for stateful consumers and guestbooks
for stateless. (and in my eyes the main advantage of OpenID is that you
don't have to invent douzens of passwords - remembering is most often done
by the browser, login by cookies, and choosing individual names, config
settings and avatar pictures would also needed to be kept, essentially
creating individual accounts everywhere)
Of course other consumers might want to skip all this and just display raw
OpenID-URIs, because it is easier, the site not so important or, in
contrast, worldwide (instead of communitywide) distinction on first glance
is more important.
> However, if there are certain sites which you deal with routinely
> there's not really any reason why you couldn't handle URL forms you
> recognise in a special way. When the Wikipedia folks were here we were
> disussing using OpenID for their inter-site auth and having their
> interface pick up on their own URLs and display them in a special way.
This goes exactly in the same direction, and if the OpenID-specs don't
direct consumers to behave similar to what I've outlined (they shouldn'nt
require it, but strongly recommend) then many large sites will implement
exactly this. Which will, ultimately, look quite the same but then be
limited to the few big openid-servers which the (consumer) site owner
knows about. And frankly, I don't like this idea, because it would be a
step backwards from the idea "everyone can use whatever OpenID-server and
OpenID-URI he wants".
(example case: 'Zefiro.de' would not be recognized as lj or wikipedia or
... big name openID server (in spite of the fact it does use lj as server)
and be displayed as (perhaps ugly) URI while other users will be displayed
directly as 'Joe'. Looks like second class OpenID users to me... oh, and
if the real server URI and not the OpenID-URI is used, then I'd be
'zefirodragon', which I don't want to be displayed and I think the
consumer shouldn't know about this anyway)
Just my few thoughts. I don't know how deep this goes into profile
managemant, but I think it's not yet really a profile and could be
important enough so that we, on the OpenID-identification-level, should
think about it.
PS OT: http://www.blackgate.net/consulting/reply-to_munging_useful.html
(why couldn't it just be a per-user setting?)
More information about the yadis