[OpenID] About Facebook, MySpace and OpenID

John Bradley john.bradley at wingaa.com
Fri Apr 3 19:50:14 UTC 2009 

Hi Breno,

I will grant you that the choice google has made to deny returning  
optional claims to the RP without a user dialog makes the UI simpler.

The problem for RPs is that they may still be willing to accept the  
login without the email and collect or verify the email in some other  
manner.
As other AX claims start getting used this becomes more of an issue.

 From a RP point of view OP's dealing with AX requests in a consistent  
way is a requirement.

They now have no way of asking for optional claims for form filling  
during account creation etc if OPs take your approach.

If the issue is a reluctance to give the user fine grained control  
over the AX attributes returned, I could live with a compromise.

The "This site is requesting access to additional information listed  
below"  is missing some urgency in my opinion.

It needs to be clear that the information will be returned to the RP.

At the moment you have two options "Continue Signin" and "Cancel".

Changing that to "Signin with all requested information" , "Signin  
with only required information" , and "Cancel"

The optional and required elements above need to be differentiated in  
some way.

This would reduce the number of check boxes and maintain the spirit of  
AX optional vs required claims.

The oAuth + openID solution you are working on is good but perhaps  
overkill for smaller RPs.

I would like to find a way that AX can work with a consistent claim  
set in a predictable way.

By the way we don't have the Google OP listed as a OSIS participant,   
we have Blogger but not the new OP.

Let me know if you want to participate in I5 this year.

I am happy to work on AX issues with you, though UX is not my area of  
expertise as you know:)

Regards
John Bradley


On 3-Apr-09, at 11:31 AM, Breno de Medeiros wrote:
>
<Snip>

>
> What OPs need to do:
> Vidoop:  Nothing works now
> MyOpenID:  Get with the program and support the standard claim URI.,  
> otherwise it would work now.
> Google:  Stop ignoring AX requests that are not marked required.    
> The word doesn't revolve around you.
>
> Well, should the world revolve around the users? They keep telling  
> anyone who would listen that they don't like checkboxes.  Checkboxes  
> are also terrible for accessibility.
>
> Suggestions appreciated.
>
>
> MySpace: Support AX please
> AOL:  Support openID 2.0 + AX
> Yahoo:  Support AX
>
> OP's have had the specs and tools to do this for a long time now.   
> It is not like we need to invent something new.
>
> Lets get what we have working well,  please.
>
> Regards
> John Bradley
>
>
>
> T-8) / PDT(GMT-7)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090403/cb38c2d2/attachment-0002.htm>

More information about the general mailing list