I’m helping out a friend at the moment to include a forum into a charity site. The site is used by teachers and students as a educational resource and some of the resources are protected by your typical authentication system which uses the users email address as a username and a password of their choosing. Now none of this would normally set of any alarm bells, but adding a forum to this site brought a question.
Â A typical forum uses a unique friendly name to identify users without exposing any contact information. If the only unique user identifier you have is a email address and you for very obvious reasons you don’t want teacher and students email addresses exposed then how do you resolve this?
In this case a solution was achievable although with caveats which I’m not going to go into right now, but in future when I (or you) design an authentication system it might do you good to at least consider how your user identifier is going to be used.
Before anyone says use OpenID I just don’t think it really would work in forums (yet); Although I know that you can have a nickname in OpenID it’s just too clunky a system at the moment to create a new persona for a new site for the average user (if your default nickname is already in use) i.e. it doesn’t pass my ‘Can my mum understand this?’ test!
Do I have a better solution – hell no, but i’m sure smarty people than me are thinking about it!
UPDATE: I found a excellent blog which articulates some of my concerns about OpenID