[OpenID] An alternative OpenID UX

Rabbit rabbit at cyberpunkrock.com
Tue Apr 14 21:57:05 UTC 2009

On Apr 14, 2009, at 5:11 PM, Martin Atkins wrote:
> * RPs presumably want to create a good user experience, so they're  
> under pressure to accept login from popular OPs that their users are  
> likely to use. In particular, it's unlikely that any RP would  
> deliberately exclude Google, Yahoo!, Microsoft and so forth. Since  
> most users are going to be using a large provider, most users  
> wouldn't be affected by such whitelisting.

Which also presents a problem when the RP wants to require a policy  
that the big players don't follow. Seems to me policy requirements  
should be relaxed upon entry and rely upon out-of-band solutions to  
pick up where policy compliance left off. In the verified e-mail  
example, the RP can trust that certain OPs have supplied a verified  
e-mail while for others the User is shown "Your e-mail must be  
verified. Click here" but in both cases, the User is still allowed to  
choose their OP. This is analogous to progressive enhancement  
techniques employed in web design.


