Relying Party Best Practices (zh-cn)
This page lists some best practices for Relying Parties. Currently this list is just hashing out ideas, so it's a bit chaotic. Once we've got all of the key points we can write it up as a proper document.
本页列出一些Relying Parties的最佳使用方式。目前这个列表只是散列出一些想法,所以有点混乱。一旦我们获得所有关键的要点后就可以写成一份适用的文档。
Please continue this list in a similar vein. Individual items here can be discussed on an appropriate mailing list, or on the wiki discussion page if you like that sort of thing.
请以此方式继续。如果你愿意,可以在相关合适的邮件列表里,或者在wiki的讨论页面上对这里的每一项进行讨论。
Identity URL和“用户帐号”之间多对一的关系
For RPs that create some form of user account in response to an initial OpenID login, allow the user to attach additional URLs to that account that are considered to be the same user.
对在处理用户首次用OpenID登录的时候创建该用户帐号的RP们,让用户能添加更多的也被视为自己的URL到这个帐号。
Rationale: Allows users to more easily migrate from one identifier to another, and to allow the user to show that multiple identifiers are "the same user".
理由:让用户更容易地从一个identifier迁移到另一个,并且让用户展示多个identifier是“同一个人”。
用户可以,但不是必须,在他们的Identity上附加一个 handle 或者 name
Allow users to enter some kind of friendly name (their full name, or some kind of nickname) to go along with their unique identifier, and display the friendly name alongside the identifier.
允许用户输入某种友好的称呼(他们的全名,或某种昵称)跟他们的唯一Identifier搭配,并且显示在该identifier一旁。
These friendly names need not be unique because they are accompanied by a verified OpenID identifier. For example, a forum post:
这些友好的称呼不必唯一因为一旁兼带有一个verified OpenID identifier。比如,一个论坛帖子:
|
John Bloggs
john.example.com
|
Pizza is rather nifty |
| Don't you just love pizza? I sure do. Especially when it's covered in a zillion different toppings that make a contrast between spicy and cool. I'll eat anything on a pizza. (Within reason, of course.) I'll eat things that don't really appeal to me on their own, because they go so well with everything else. You have to have good cheese, though. That's a necessity. A pizza without good cheese is like a sports car with a wheelchair motor. So who else likes pizza? |
This applies both to sites that create "user accounts", such as forums, and those that are one-shot, such as weblog comments. The difference is that in the latter case you may invite the user to specify his name each time rather than storing it as a global setting for that identity.
Rationale: Humans prefer names to URLs when talking about people. Most of the time, name collisions aren't a problem. In situations where they do become a problem, the identity URL is available to provide disambiguation. This should be optional because not everyone wants to share their name, and not all users are humans.
