Identity display [was: openId - sorua]

Martin Atkins mart at degeneration.co.uk
Wed Jul 13 02:18:33 PDT 2005


Zefiro wrote:
> About displaying of identities:
> 
> 
>>> Another question: The example on http://www.openid.net/ says 'Hello,
>>>Brad! You're now logged in to someblog.com as Brad from LiveJournal'.
>>>How does the consumer know that i'm 'Brad' or that i come from
>>>'LiveJournal', i.e. how can it determine these strings from my Identity?
> 
> I would like it best if I could explicitely state how I want to be
> displayed. That's like having one login name and passwort used for login
> (which will both be replaced by OpenID, URI and Server-confirmation,
> respectively) and one name which is displayed. Some sites use this, most
> don't - for the simple reason that there's no need, users are unique
> inside this site and the names usually look quite neat.
> 

....

> I'd propose that consumers use the OpenID-URI as a login name, but let the
> users choose a different name for display. It should be in a way that
> everyone can easily see the OpenID-URI (e.g. it's displayed underneath or
> is the linktarget for the displayed user, or on the user profile page) but
> still the primary seen name is displayed in a much nicer (shorter,
> mnemonic) way.

Consumers are free to do this already. Mark's lifewiki software, for
example, lets all users configure a display name which is then used
alongside the identity URL. It's up to each consumer to implement this
separately.

> I think it might be best to include a metatag 'wanted display name'
> (openid.display, as string, allowed characters and length have to be
> defined) in the html-page the OpenID-URI points to and use this as a
> suggestion for consumers. Stateful (i.e. maintaining an own userdatabase)
> consumers might also let the user choose a different display name for
> their sites and impose restrictions like 'no two identical display names
> (for this consumer)'.

OpenID is purely an authentication system. Profile exchange and related
matters are explicitly and deliberately left to another layer (yet to be
designed) atop OpenID. The simplest approach, and one we've already
discussed a little, is to simply look at the document at the identity
URL (where we already discovered the openid.server) to find any
profile-related documents, such as a FOAF document or vCard. That is
likely to be the first approach taken, though there was also talk of
leveraging parts of LID (which is yet another identity/auth system) to
do authenticated profile exchange.

> I think of communities as example for stateful consumers and guestbooks
> for stateless. (and in my eyes the main advantage of OpenID is that you
> don't have to invent douzens of passwords - remembering is most often done
> by the browser, login by cookies, and choosing individual names, config
> settings and avatar pictures would also needed to be kept, essentially
> creating individual accounts everywhere)

In my eyes, a major advantage of OpenID and similar systems is that we
can see that the frank.livejournal.com posting on (for example) slashdot
is the same person as frank.livejournal.com posting on wikipedia. The
single sign-on thing is also nice, but I'd say it's hardly the most
important part.

>>However, if there are certain sites which you deal with routinely
>>there's not really any reason why you couldn't handle URL forms you
>>recognise in a special way. When the Wikipedia folks were here we were
>>disussing using OpenID for their inter-site auth and having their
>>interface pick up on their own URLs and display them in a special way.
> 
> This goes exactly in the same direction, and if the OpenID-specs don't
> direct consumers to behave similar to what I've outlined (they shouldn'nt
> require it, but strongly recommend) then many large sites will implement
> exactly this. Which will, ultimately, look quite the same but then be
> limited to the few big openid-servers which the (consumer) site owner
> knows about. And frankly, I don't like this idea, because it would be a
> step backwards from the idea "everyone can use whatever OpenID-server and
> OpenID-URI he wants".

The site has to indicate in *some* way what site the user came from. How
that happens is up to the site. Even if I did say my display name was
"Martin Atkins", the site would still have to display my OpenID identity
URL so that users can differentiate me from other people called Martin
Atkins.

When it comes down to it, identity display is a decision for consumers.
LiveJournal already displays it differently to LifeWiki, for example.
LiveJournal displays the identity URL and links to a page where you can
find out more about the user, assuming that the user has actually
entered some profile information on LiveJournal. LifeWiki instead shows
the display name and links to a page where you can find the identity.



More information about the yadis mailing list