FWIW, this is how Yahoo do it:
they autogenerate an ugly unrememberable unique ID https://me.yahoo.com/a/Ve7giSMuverd1i.DwyyuXmYxvpiXvby2
and they let you pick (ONLY ONCE!) a more userfriendly identifier: https://me.yahoo.com/lucian.openid
When I tested this on blogspot it left behind lucian.openid as the user's name (I'm not familiar with OpenID naming conventions).
Btw, as you see Yahoo keeps the autogenrated IDs in a different namespace from the user's hand picked ones.
Leaving the user's nickname is not a security issues: there's a link left behind which indirectly points to launchpad.net/~nickname.
This would be a lot better than leaving the ugly autogenerated ID.
FWIW, this is how Yahoo do it: /me.yahoo. com/a/Ve7giSMuv erd1i.DwyyuXmYx vpiXvby2 /me.yahoo. com/lucian. openid
they autogenerate an ugly unrememberable unique ID
https:/
and they let you pick (ONLY ONCE!) a more userfriendly identifier:
https:/
When I tested this on blogspot it left behind lucian.openid as the user's name (I'm not familiar with OpenID naming conventions).
Btw, as you see Yahoo keeps the autogenrated IDs in a different namespace from the user's hand picked ones.
Leaving the user's nickname is not a security issues: there's a link left behind which indirectly points to launchpad. net/~nickname.
This would be a lot better than leaving the ugly autogenerated ID.