[Catalog-sig] OpenID login to PyPI

[Ben Finney]

"Martin v. Löwis" <martin at v.loewis.de> writes:

> > Since OpenID is an authentication solution, you should probably just
> > accept the claimed identity as the username.
>
> It can't work that way, and shouldn't. First, OpenID defines the
> Simple Registration extensions (SREG) to explicitly cover a nickname,
> and also provide an email address. Whether or not I trust these data -
> at a minimum, I should use them - that's what OpenID users expect to
> happen.

Martin is correct here. The ‘nickname’ field is expected to become the
username for the newly-registered site-local account.

-- 
 \     “It's my belief we developed language because of our deep inner |
  `\                  need to complain.” —Jane Wagner, via Lily Tomlin |
_o__)                                                                  |
Ben Finney