[OpenID board] Update to BOD on NYC OpenID Content Provider Advisory Committee Seminar
David Recordon
drecordon at sixapart.com
Tue Sep 30 17:55:36 UTC 2008
Hey Brian,
Thanks for this great summary and for doing the leg work to get the
meeting together. While I couldn't stay for the entire time, the
parts that I was there for were really useful!
--David
On Sep 30, 2008, at 10:23 AM, Brian Kissel wrote:
> Hello All,
>
> As I think everyone knows, the BBC hosted and JanRain coordinated a
> full day meeting of several OPs and large Content Provider
> organizations in NY City. This was billed as a kickoff meeting for
> an “OpenID Content Provider Advisory Committee.” Here are some
> highlights from the event:
>
> Summary:
>
> · There were 26 participants from 18 organizations including
> 8 OPs and 8 RPs. Time Inc. sent 4 representatives, NY Times and BBC
> sent 3 each, and NPR sent 2. All the confirmed participants except
> SonyBMG attended which we think is indicative that there is serious
> interest on the part of the Content Provider community in OpenID.
>
> <image002.jpg>
>
> · Topics discussed included:
> o Business case for OpenID – use cases and economic impact
> o Best practices for OpenID Providers (OPs) w.r.t. UX, data
> support, security, features
> o Best practices for OpenID Relying Parties (RPs) w.r.t. UX, data
> support, security, features
> o Optimal Content Provider user experience
> o Data Management – sources, integration, industry specific data,
> accuracy, security & trust
> o Coming Enhancements – PAPE, Oauth, Portable Contacts, MySpace
> DA, browser integration
> · Zac Bjelogrlic of the BBC gave the welcoming introduction
> and made a compelling case that a core group of OPs and RPs should
> come together to define how OpenID can be a great opportunity for
> Content Providers and determine how OpenID needs to evolve to
> realize that potential
> · Yahoo, Google, and MySpace all presented information about
> their OP services, thoughts on User Experience & Lessons Learned,
> and some future plans. AOL will also be providing information along
> these lines to share with the RP participants.
> · National 4-H presented a summary of an OpenID-based
> integrated National, State, and Local web platform that they will be
> deploying in the coming months.
> · We shared the case study that Nat Sakimura has created for
> Japanese Airlines (JAL) federated partner commerce using OpenID with
> the proposed Trusted Data Exchange (TX) extension that NRI has been
> developing.
> · There was extensive discussion between existing and
> potential RPs and the OPs about what it would take for faster and
> broader adoption of OpenID in the Content Provider community.
> · The session was moderated and feedback captured by
> Rosemary Remacle of Market Focus, a strategic marketing consulting
> firm who will be doing some follow on customer research.
>
> High Level Feedback:
>
> · User Experience. Everyone agreed that the current user
> experience models that are being tried are not working. For all but
> the tech savvy, users don’t get what OpenID is or how to use it,
> even after they have been educated (Yahoo case study). In some
> cases, adding an OpenID option to a login page actually reduced
> successful login rates. A few of the general themes:
> o There is no consistency among OPs on how they handle
> authentication and interplay with the RP, which makes it hard for
> RPs to accept multiple OPs and still provide a consistent user
> experience
> o There is no consistency among RPs, so end-users get confused
> when each website offering OpenID does it a different way
> o Users don’t get the notion of a URL as a login credential, don’t
> know why there isn’t a password
> o For some RP/OP sequences there are too many redirections and
> sequential clicks, users get lost and confused
> o General acknowledgement that there hasn’t been much end user
> education yet (by OPs or RPs), and that may help, but overall the UX
> has to be improved as well
> o Some discussion about whether end users even need to know that
> OpenID is providing SSO, or whether it might be better to abstract
> the functionality in some way to a paradigm users understand – email
> address (Google draft proposal would extract OPs domain from the
> email address then authenticate via directed identity), visual icons
> for major OPs (AOL, Yahoo, Google, MySpace, etc. – the SourceForge
> approach), integration into the browser, selectors (like ClickPass
> and ID Selector), etc.
> · Data – None of the major content providers in attendance
> appeared to interested in OpenID until major OPs start using SREG,
> minimum data is email address and DOB (age), though most would like
> all the SREG data. Most were also very interested in data beyond
> SREG: AX, OAuth, Portable Contacts, MySpace Data Availability, etc.
> · Trust/Assurance – RPs want to know that they can rely on
> any given OP for user authentication and/or the corresponding end-
> user data. What are the mechanisms to achieve this?
> · Security – Standard concerns about phishing and protecting
> end user data. Interestingly, when surveyed across 13 possible
> topics to discuss at the session, Security only came in at # 7
> · ROI – What are the quantitative benefits and what are the
> costs associated with implementing OpenID? Some, like NPR, said
> that even if the upside isn’t proven, if they can be certain there
> isn’t any downside (Yahoo and Google presented data that if done
> improperly, OpenID actually reduces registration and login) and the
> cost is low, they would be willing to deploy it since they can
> qualitatively project how OpenID will be of value to them and their
> customers long term. General agreement that case studies and
> industry data would be helpful with this.
> · Business rule templates for RP/OP and federated RP/RP
> interactions. Suggested that the OIDF should come up with these,
> akin to what Liberty and SAML provide.
> · OpenID Brand. There was an interesting discussion on
> whether OpenID was a B2B or B2C brand, or both. It appeared that
> the Content Providers wanted OpenID to be a B2B brand at a minimum
> so they could count on something around OpenID. They felt that
> there was a role for the OIDF to play in defining best practices for
> OPs and RPs in UX, authentication, attribute assurance, privacy,
> security, data management, etc. as well as possibly “validating/
> certifying” some key elements of the ecosystem, whitelist/blacklist
> services, legal frameworks, etc. On the B2C side it was less clear
> that the Content Providers thought there was as compelling a role
> for the OpenID brand – that is, it wasn’t clear that “login with
> your OpenID” was necessarily the right way to go. The underlying
> functionality was good, just not clear that the branded UX
> implementation was optimal – first priority should be ease of use
> and adoption, not the brand.
>
> Possible Next Steps:
>
> · OIDF Foundation Support: OpenID Foundation should charter
> this group as the “Content Provider Advisory Committee to the OpenID
> Foundation” – everyone in support of this? Seems that the Customer
> Research Committee (CRC) should continue to drive this advisory
> committee and explore whether other advisory committee segments
> should be pursued.
> o Volunteers? The official Customer Research Committee (CRC) is
> Johannes Ernst, Scott Kveton, Raj Mata, and Brian Kissel. If there
> are others that would like to be more involved, please let us know,
> we need the help.
> · Discussion Website: A Google Group was created to post
> the various presentations and links that were discussed at the
> session. Additionally, several discussion threads were created to
> allow participants to continue the dialog on various topics of
> interest. Currently there are 26 people registered on this site.
> If you’d like an invitation, just send me the email address you’d
> like to log in with. If you already have an email account confirmed
> with Google Groups, that’s the best one to use. If you have content
> that would be of interest to these major media and affinity group
> organizations to help them make their case to adopt OpenID, this is
> a good forum for sharing that content.
> · Case Studies: We need case studies. Nat Sakimura is
> working on enhancing the JAL study with some metrics and Bob Ranson
> of 4H offered to do one once they are live. Who else can we get data
> from? SourceForge, Plaxo, OxFam, CNN, Google Blogger, AOL
> properties - anyone know of some RPs who have had good results so
> far? I am working on a case study with the CTO of PropertyMaps.com
> who has blogged about significant additional registrations and
> logins via OpenID. We really need to start cranking these out.
> This will help address part of the ROI questions from above.
> · Deployment Checklists: We need to provide better guidance
> to prospective RPs on how to deploy OpenID, integrate it with their
> existing registration systems, deploy an intuitive and industry
> standard UX experience, manage OpenID related data, etc. Joseph
> Smarr of Plaxo created a good baseline some time ago, but it’s now
> out of date and not as complete as most RPs would like. Any
> suggestions on how we get this done? Any volunteers?
> · Customer Interviews: The Customer Research Committee has
> retained Rosemary Remacle of Market Focus to do up to 15 additional
> “voice of the customer” interviews. She’s looking for introductions
> to organizations and people who would have useful perspectives on
> how to accelerate adoption and usage of OpenID. In particular, we’d
> like introductions to other major media companies that weren’t
> present at the NYC session including. If you have contacts at any
> of these firms, please contact Rosemary (rosemary at mktfocus.net) or
> Johannes Ernst who is managing this project.
> o Gannett, Washington Post, CBS, NBC, ABC, Fox, Disney, Viacom,
> Tribune, Sony, McClatchy, EW Scripps, Dow Jones, Liberty Media, IDG,
> McGraw-Hill, Monster, Sinclair Broadcast, CareerBuilder, IAC/
> InterActiveCorp, Community Newspaper Holdings, United Online,
> Gemstar-TV Guide, Sun-Times Media Group, Forbes Media, CMP
> Technology (United Business Media), American Express Publishing,
> CNET Networks
> o Are there others that we should be targeting for these interviews?
> · User Experience: We really need to address this issue of
> UX since it’s a game changer. While Vidoop is taking the lead on
> working with other OIDF members to create the FireFox browser plug-
> in, that is a longer term initiative and IMHO we need something
> sooner. Here are some possible suggestions:
> o Major OP Collaboration on UX. At the session both Yahoo and
> Google shared some data, observations, and recommendations on how to
> improve UX. If Yahoo, AOL, Google, and MySpace can all agree on
> some general guidelines to allow RPs to offer intuitive, compelling,
> and consistent user experiences, that would be a huge win. I know
> that some of the aforementioned have already started discussions on
> UX. How do we accelerate this and produce either a “de facto
> standard” or some kind of OIDF guidelines for OPs and RPs to achieve
> the best UX and customer adoption? In any case, we should include
> large, market moving prospective RPs like the ones who attended the
> NYC session in the discussion. It’s not a win if all the OPs agree
> to something that RPs aren’t going to deploy and promote and end
> users don’t embrace. We think we now have a critical mass of
> interested content provider RPs that we can collaborate with on this.
> o Education. If we’re going to come up with some de facto
> standards or OIDF endorsed guidelines, we then need to educate RPs
> and end users. Even if we’re not going to do that, we need to
> decide where the most confusion and frustration is today w.r.t. UX
> and do what we can to educate RPs and end users how to leverage the
> benefits of OpenID, whether or not the OpenID “brand” is part of the
> mix.
> o Examples. However we decide (or don’t decide) to proceed, we
> need to be able to point RPs and end users to websites that we think
> represent “good” (if not best practice) deployments of OpenID and
> highlight the aspects of the reference deployments that help drive
> adoption and usage.
> · Data. This appears to be a mission critical topic. We
> need to figure out how the major OPs can start providing the data
> that major RPs want/need in order to implement OpenID. As in the UX
> discussion above, perhaps the major OPs can collaborate
> (independently or in the context of an appropriate OIDF committee)
> to set standards for data sharing via the various available
> mechanisms (SREG, AX, OAuth, Portable Contacts, TX, etc.)
> · OpenID Brand. The OIDF needs to address the
> aforementioned B2B and B2C brand questions and come up with a
> definitive position on each to address market needs and set
> expectations. Perhaps we should have one committee for B2B and
> another for B2C to make recommendations on exactly what the OIDF and
> member companies should do w.r.t. the role OIDF plays in the areas
> of interest expressed by the Content Providers.
> · Trust/Assurance & Business Rules/Templates/Frameworks.
> This appeared to be a second order concern with UX and data
> availability being the top issues, but will likely be the logical
> next step whenever authentication assurance is required for more
> sensitive transactions or richer data is being transferred. Some
> work has been done with PAPE and TX to head in this direction, but
> there is still a lot more we need to do. Several people from the
> Liberty/SAML/WS-Fed camp have suggested benchmarking what these
> organizations have developed to determine if we can create lighter
> duty (and hopefully compatible) versions of their models that are
> more appropriate for the OpenID ecosystem. Not sure if there is an
> existing committee that’s well positioned to address this (Tony
> Nadalin and the Security Committee?) or whether another committee
> should be formed for this. But this is something that will need to
> be addresses in short order after UX and data availability, and
> given the complexity of the issues, we probably need to get started
> on it right away. Any volunteers to come up with a recommended game
> plan?
>
> Any other comments or recommendations from those who attended the
> session?
>
> Cheers,
>
> Brian
> OpenID Foundation Customer Research and Marketing Committees
> ___________
>
> Brian Kissel
> CEO, JanRain - OpenID-enable your websites, customers, partners, and
> employees
> 5331 SW Macadam Ave., Suite 375, Portland, OR 97239
> Email: bkissel at janrain.com Cell: 503.866.4424 Fax:
> 503.296.5502
>
> Get your FREE OpenID at myOpenID.com
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3474 (20080926) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3481 (20080929) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3483 (20080930) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20080930/a6436919/attachment-0002.htm>
More information about the board
mailing list