[OpenID board] Update to BOD on NYC OpenID Content Provider Advisory Committee Seminar
Johannes Ernst
jernst at netmesh.us
Tue Sep 30 18:06:50 UTC 2008
Brian,
I think I speak for everybody on the board when I say that we've been
very impressed by the very substantial group of content providers that
you attracted, and the hard work you put in to make this happen. Thank
you! Other than initiating a community of potential OpenID adopters in
an important vertical, judging from the list below, the results gained
so far are also already very valuable to inform the foundation's
strategy and priorities going forward.
I wholeheartedly support your proposal to officially charter the group
as OpenID Foundation's Content Provider Advisory Committee (or a name
like this). I will make a motion to that effect at the next board
meeting. And unless you object, I'd like to nominate you as the chair
of that committee.
As more of us looking at OpenID from a business rather than technology
perspective, chances are we would like to create more advisory
committees in additional verticals. (Like e-commerce, which has been
mentioned before.) Let's use this as inspiration for others who step
up in other verticals.
Certainly, for us on the customer research committee, it makes life
much easier!
Also thanks to Zac and the BBC without whose support and inspiration
this might not have happened.
Again, thank you!
Cheers,
Johannes.
On Sep 30, 2008, at 10:23 , Brian Kissel wrote:
> Hello All,
>
> As I think everyone knows, the BBC hosted and JanRain coordinated a
> full day meeting of several OPs and large Content Provider
> organizations in NY City. This was billed as a kickoff meeting for
> an “OpenID Content Provider Advisory Committee.” Here are some
> highlights from the event:
>
> Summary:
>
> · There were 26 participants from 18 organizations including
> 8 OPs and 8 RPs. Time Inc. sent 4 representatives, NY Times and BBC
> sent 3 each, and NPR sent 2. All the confirmed participants except
> SonyBMG attended which we think is indicative that there is serious
> interest on the part of the Content Provider community in OpenID.
>
> <image002.jpg>
>
> · Topics discussed included:
> o Business case for OpenID – use cases and economic impact
> o Best practices for OpenID Providers (OPs) w.r.t. UX, data
> support, security, features
> o Best practices for OpenID Relying Parties (RPs) w.r.t. UX, data
> support, security, features
> o Optimal Content Provider user experience
> o Data Management – sources, integration, industry specific data,
> accuracy, security & trust
> o Coming Enhancements – PAPE, Oauth, Portable Contacts, MySpace
> DA, browser integration
> · Zac Bjelogrlic of the BBC gave the welcoming introduction
> and made a compelling case that a core group of OPs and RPs should
> come together to define how OpenID can be a great opportunity for
> Content Providers and determine how OpenID needs to evolve to
> realize that potential
> · Yahoo, Google, and MySpace all presented information about
> their OP services, thoughts on User Experience & Lessons Learned,
> and some future plans. AOL will also be providing information along
> these lines to share with the RP participants.
> · National 4-H presented a summary of an OpenID-based
> integrated National, State, and Local web platform that they will be
> deploying in the coming months.
> · We shared the case study that Nat Sakimura has created for
> Japanese Airlines (JAL) federated partner commerce using OpenID with
> the proposed Trusted Data Exchange (TX) extension that NRI has been
> developing.
> · There was extensive discussion between existing and
> potential RPs and the OPs about what it would take for faster and
> broader adoption of OpenID in the Content Provider community.
> · The session was moderated and feedback captured by
> Rosemary Remacle of Market Focus, a strategic marketing consulting
> firm who will be doing some follow on customer research.
>
> High Level Feedback:
>
> · User Experience. Everyone agreed that the current user
> experience models that are being tried are not working. For all but
> the tech savvy, users don’t get what OpenID is or how to use it,
> even after they have been educated (Yahoo case study). In some
> cases, adding an OpenID option to a login page actually reduced
> successful login rates. A few of the general themes:
> o There is no consistency among OPs on how they handle
> authentication and interplay with the RP, which makes it hard for
> RPs to accept multiple OPs and still provide a consistent user
> experience
> o There is no consistency among RPs, so end-users get confused
> when each website offering OpenID does it a different way
> o Users don’t get the notion of a URL as a login credential, don’t
> know why there isn’t a password
> o For some RP/OP sequences there are too many redirections and
> sequential clicks, users get lost and confused
> o General acknowledgement that there hasn’t been much end user
> education yet (by OPs or RPs), and that may help, but overall the UX
> has to be improved as well
> o Some discussion about whether end users even need to know that
> OpenID is providing SSO, or whether it might be better to abstract
> the functionality in some way to a paradigm users understand – email
> address (Google draft proposal would extract OPs domain from the
> email address then authenticate via directed identity), visual icons
> for major OPs (AOL, Yahoo, Google, MySpace, etc. – the SourceForge
> approach), integration into the browser, selectors (like ClickPass
> and ID Selector), etc.
> · Data – None of the major content providers in attendance
> appeared to interested in OpenID until major OPs start using SREG,
> minimum data is email address and DOB (age), though most would like
> all the SREG data. Most were also very interested in data beyond
> SREG: AX, OAuth, Portable Contacts, MySpace Data Availability, etc.
> · Trust/Assurance – RPs want to know that they can rely on
> any given OP for user authentication and/or the corresponding end-
> user data. What are the mechanisms to achieve this?
> · Security – Standard concerns about phishing and protecting
> end user data. Interestingly, when surveyed across 13 possible
> topics to discuss at the session, Security only came in at # 7
> · ROI – What are the quantitative benefits and what are the
> costs associated with implementing OpenID? Some, like NPR, said
> that even if the upside isn’t proven, if they can be certain there
> isn’t any downside (Yahoo and Google presented data that if done
> improperly, OpenID actually reduces registration and login) and the
> cost is low, they would be willing to deploy it since they can
> qualitatively project how OpenID will be of value to them and their
> customers long term. General agreement that case studies and
> industry data would be helpful with this.
> · Business rule templates for RP/OP and federated RP/RP
> interactions. Suggested that the OIDF should come up with these,
> akin to what Liberty and SAML provide.
> · OpenID Brand. There was an interesting discussion on
> whether OpenID was a B2B or B2C brand, or both. It appeared that
> the Content Providers wanted OpenID to be a B2B brand at a minimum
> so they could count on something around OpenID. They felt that
> there was a role for the OIDF to play in defining best practices for
> OPs and RPs in UX, authentication, attribute assurance, privacy,
> security, data management, etc. as well as possibly “validating/
> certifying” some key elements of the ecosystem, whitelist/blacklist
> services, legal frameworks, etc. On the B2C side it was less clear
> that the Content Providers thought there was as compelling a role
> for the OpenID brand – that is, it wasn’t clear that “login with
> your OpenID” was necessarily the right way to go. The underlying
> functionality was good, just not clear that the branded UX
> implementation was optimal – first priority should be ease of use
> and adoption, not the brand.
>
> Possible Next Steps:
>
> · OIDF Foundation Support: OpenID Foundation should charter
> this group as the “Content Provider Advisory Committee to the OpenID
> Foundation” – everyone in support of this? Seems that the Customer
> Research Committee (CRC) should continue to drive this advisory
> committee and explore whether other advisory committee segments
> should be pursued.
> o Volunteers? The official Customer Research Committee (CRC) is
> Johannes Ernst, Scott Kveton, Raj Mata, and Brian Kissel. If there
> are others that would like to be more involved, please let us know,
> we need the help.
> · Discussion Website: A Google Group was created to post
> the various presentations and links that were discussed at the
> session. Additionally, several discussion threads were created to
> allow participants to continue the dialog on various topics of
> interest. Currently there are 26 people registered on this site.
> If you’d like an invitation, just send me the email address you’d
> like to log in with. If you already have an email account confirmed
> with Google Groups, that’s the best one to use. If you have content
> that would be of interest to these major media and affinity group
> organizations to help them make their case to adopt OpenID, this is
> a good forum for sharing that content.
> · Case Studies: We need case studies. Nat Sakimura is
> working on enhancing the JAL study with some metrics and Bob Ranson
> of 4H offered to do one once they are live. Who else can we get data
> from? SourceForge, Plaxo, OxFam, CNN, Google Blogger, AOL
> properties - anyone know of some RPs who have had good results so
> far? I am working on a case study with the CTO of PropertyMaps.com
> who has blogged about significant additional registrations and
> logins via OpenID. We really need to start cranking these out.
> This will help address part of the ROI questions from above.
> · Deployment Checklists: We need to provide better guidance
> to prospective RPs on how to deploy OpenID, integrate it with their
> existing registration systems, deploy an intuitive and industry
> standard UX experience, manage OpenID related data, etc. Joseph
> Smarr of Plaxo created a good baseline some time ago, but it’s now
> out of date and not as complete as most RPs would like. Any
> suggestions on how we get this done? Any volunteers?
> · Customer Interviews: The Customer Research Committee has
> retained Rosemary Remacle of Market Focus to do up to 15 additional
> “voice of the customer” interviews. She’s looking for introductions
> to organizations and people who would have useful perspectives on
> how to accelerate adoption and usage of OpenID. In particular, we’d
> like introductions to other major media companies that weren’t
> present at the NYC session including. If you have contacts at any
> of these firms, please contact Rosemary (rosemary at mktfocus.net) or
> Johannes Ernst who is managing this project.
> o Gannett, Washington Post, CBS, NBC, ABC, Fox, Disney, Viacom,
> Tribune, Sony, McClatchy, EW Scripps, Dow Jones, Liberty Media, IDG,
> McGraw-Hill, Monster, Sinclair Broadcast, CareerBuilder, IAC/
> InterActiveCorp, Community Newspaper Holdings, United Online,
> Gemstar-TV Guide, Sun-Times Media Group, Forbes Media, CMP
> Technology (United Business Media), American Express Publishing,
> CNET Networks
> o Are there others that we should be targeting for these interviews?
> · User Experience: We really need to address this issue of
> UX since it’s a game changer. While Vidoop is taking the lead on
> working with other OIDF members to create the FireFox browser plug-
> in, that is a longer term initiative and IMHO we need something
> sooner. Here are some possible suggestions:
> o Major OP Collaboration on UX. At the session both Yahoo and
> Google shared some data, observations, and recommendations on how to
> improve UX. If Yahoo, AOL, Google, and MySpace can all agree on
> some general guidelines to allow RPs to offer intuitive, compelling,
> and consistent user experiences, that would be a huge win. I know
> that some of the aforementioned have already started discussions on
> UX. How do we accelerate this and produce either a “de facto
> standard” or some kind of OIDF guidelines for OPs and RPs to achieve
> the best UX and customer adoption? In any case, we should include
> large, market moving prospective RPs like the ones who attended the
> NYC session in the discussion. It’s not a win if all the OPs agree
> to something that RPs aren’t going to deploy and promote and end
> users don’t embrace. We think we now have a critical mass of
> interested content provider RPs that we can collaborate with on this.
> o Education. If we’re going to come up with some de facto
> standards or OIDF endorsed guidelines, we then need to educate RPs
> and end users. Even if we’re not going to do that, we need to
> decide where the most confusion and frustration is today w.r.t. UX
> and do what we can to educate RPs and end users how to leverage the
> benefits of OpenID, whether or not the OpenID “brand” is part of the
> mix.
> o Examples. However we decide (or don’t decide) to proceed, we
> need to be able to point RPs and end users to websites that we think
> represent “good” (if not best practice) deployments of OpenID and
> highlight the aspects of the reference deployments that help drive
> adoption and usage.
> · Data. This appears to be a mission critical topic. We
> need to figure out how the major OPs can start providing the data
> that major RPs want/need in order to implement OpenID. As in the UX
> discussion above, perhaps the major OPs can collaborate
> (independently or in the context of an appropriate OIDF committee)
> to set standards for data sharing via the various available
> mechanisms (SREG, AX, OAuth, Portable Contacts, TX, etc.)
> · OpenID Brand. The OIDF needs to address the
> aforementioned B2B and B2C brand questions and come up with a
> definitive position on each to address market needs and set
> expectations. Perhaps we should have one committee for B2B and
> another for B2C to make recommendations on exactly what the OIDF and
> member companies should do w.r.t. the role OIDF plays in the areas
> of interest expressed by the Content Providers.
> · Trust/Assurance & Business Rules/Templates/Frameworks.
> This appeared to be a second order concern with UX and data
> availability being the top issues, but will likely be the logical
> next step whenever authentication assurance is required for more
> sensitive transactions or richer data is being transferred. Some
> work has been done with PAPE and TX to head in this direction, but
> there is still a lot more we need to do. Several people from the
> Liberty/SAML/WS-Fed camp have suggested benchmarking what these
> organizations have developed to determine if we can create lighter
> duty (and hopefully compatible) versions of their models that are
> more appropriate for the OpenID ecosystem. Not sure if there is an
> existing committee that’s well positioned to address this (Tony
> Nadalin and the Security Committee?) or whether another committee
> should be formed for this. But this is something that will need to
> be addresses in short order after UX and data availability, and
> given the complexity of the issues, we probably need to get started
> on it right away. Any volunteers to come up with a recommended game
> plan?
>
> Any other comments or recommendations from those who attended the
> session?
>
> Cheers,
>
> Brian
> OpenID Foundation Customer Research and Marketing Committees
> ___________
>
> Brian Kissel
> CEO, JanRain - OpenID-enable your websites, customers, partners, and
> employees
> 5331 SW Macadam Ave., Suite 375, Portland, OR 97239
> Email: bkissel at janrain.com Cell: 503.866.4424 Fax:
> 503.296.5502
>
> Get your FREE OpenID at myOpenID.com
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3474 (20080926) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3481 (20080929) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus
> signature database 3483 (20080930) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
> _______________________________________________
> board mailing list
> board at openid.net
> http://openid.net/mailman/listinfo/board
Johannes Ernst
NetMesh Inc.
http://netmesh.info/jernst
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20080930/1373c1d4/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openid-relying-party-anonymous.gif
Type: image/gif
Size: 903 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20080930/1373c1d4/attachment-0004.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lid.gif
Type: image/gif
Size: 977 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-board/attachments/20080930/1373c1d4/attachment-0005.gif>
More information about the board
mailing list