Supporting display name and avoiding misuse of them #36
Assignees
Comments
melanierichards
added
the
agenda+
melanierichards
removed
the
agenda+
|
IMHO this seems like browser UI territory and possibly best addressed as advisory non-normative spec text. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Porting to this repo; @johnwilander wrote:
We've discussed display name as a version of the username suitable for user interfaces. This would allow the browser to show an account name that the user might be more familiar with. The user might have the formal username liza_johnson887 but the desired display name Lizza JSON. Can we support that in a safe way?
We have to make sure it cannot be misused to fake trusted browser signals. Imagine display names such as "Secure," "Private," "Logged Out," or "Anonymous," and the browser showing them in various contexts. Add localization to that and you have a real challenge. Add multi script such as Latin+Cyrillic and I'm remembering the struggle to defend URLs as a trust signal.
The text was updated successfully, but these errors were encountered: