Using email address as OpenID identifier
George Fletcher
gffletch at aol.com
Wed Apr 2 12:41:30 UTC 2008

Dick Hardt wrote:
>
> On 1-Apr-08, at 11:15 PM, Paul E. Jones wrote:
>> Dick,
>>
>> I’ll give you that one: that’s certainly easier. But does it not cause
>> some confusion? After all, one’s identity is not yahoo.com, but that
>> is the identity provider. Perhaps the prompts around the Internet
>> ought to say “OpenID Provider:” instead? :-)
>
> :-) ... that label would be more accurate. There is lots of work to be
> done to make OpenID simpler for users. I think that what will be easy
> for users is something provided by the browser that lets the user
> click to initiate a login or registration. No typing is better than
> any typing! Back when we started working on the protocols we could not
> expect this kind of functionality to be in the browsers. Now that
> awareness is higher, having it built into the browser is feasible. I
> of course am biased given the work we have done with Sxipper
> http://sxipper.com :)

For the majority of users, this is probably the most likely path of
introduction to OpenID. Note that it's not just about allowing the user
to do something with one click, but also about being proactive and
informing the user that they can log in to a site with an identity they
already have. This can be as simple as telling the browser "identity
agent" (e.g. sxipper) which email addresses the user has and letting the
identity agent figure out which OpenIDs the user has that they don't
even know about.

I think relying party sites that support OpenID could do more to make it
clear on their home pages that they support OpenID (as often it's hidden
behind another click). This could be as simple as some <link> tags that
advertise support for OpenID. Maybe a <link> to the XRDS doc describing
the services of the site. Then the identity agent can discover the
relying party OpenID return_to endpoint and log the user in directly.
This can be used to solve a phishing problem and makes the experience easy
for the user.

Some related thoughts ....

http://practicalid.blogspot.com/2007/06/clients-to-rescue.html
http://practicalid.blogspot.com/2007/06/passive-identity-meta-system-markup.html

Thanks,
George