Interruptions in authentication process

Breno de Medeiros breno at google.com
Mon Jan 11 23:01:39 UTC 2010


For many RPs, if a user starts process A or C (with regard to their
in-house login system), I assume it would still often be the case that
the user has to restart the process from the original context.

Case B is more interesting as it raises issues exclusive to use of a
(open) federated login system.

On Mon, Jan 11, 2010 at 14:44, Alex Barth <alex at developmentseed.org> wrote:
>
> In the course of ironing out workflows between OpenID provider and OpenID
> relying parties I am facing usability problems that I'd like to submit
> here to the attention of some more experienced OpenID developers than I am.
>
> I am interested in any feedback, pointers to existing conversations,
> sections in current and future specs that I may have overlooked etc.
>
> Here is the problem: There are some actions that can occur during
> authentication where a user can fall through the cracks:
>
> A User is redirected with an authentication request from RP to OP, requests
> a new password on OP, email client opens different browser for a one time
> password reset link embedded in the email.
> B User is redirected with authentication request from RP to OP, but would
> like to log in with different user than the one currently authenticated on
> OP, user is logged out and session is deleted.
> C RP offers OP as identity provider, user selects OP, is redirected with
> authentication request to OP. User does not have an account yet, creates
> one, confirms email address, but again, email client opens different browser
> (similar to A).
>
> In all of these scenarios the user's session, and with it her authentication
> request, is lost - the authentication process is stuck in its tracks.
>
> Is the assessment of the problem flawed? Is there a solution in the specs
> that I am overlooking?
>
> Thank you for your input.
>
> Alex Barth
> http://www.developmentseed.org/blog
> tel (202) 250-3633
>
>
>
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>



-- 
--Breno

+1 (650) 214-1007 desk
+1 (408) 212-0135 (Grand Central)
MTV-41-3 : 383-A
PST (GMT-8) / PDT(GMT-7)
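One way an OP can keep the authentication request alive through all three detours, as an added example that is not code from this thread or from any OpenID implementation: the checkid_setup parameters are parked server-side under an opaque token that is independent of the browser session cookie, that token (not the cookie) is what the logout flow and the e-mailed links carry, the token is single-use and expires, and before anything is parked the return_to is checked against the realm so a resumed request can never redirect outside the RP's realm. The names, the op.example and rp.example URLs, the 15-minute lifetime and the sample request are assumptions constructed for the example.

```python
"""Parking an OpenID checkid_setup request on the OP so it survives the
detours in cases A, B and C.  Added example; store layout, names and URLs
are assumptions, not code from the thread or from any OpenID library."""
import secrets
import time
from dataclasses import dataclass
from urllib.parse import urlencode, urlparse

PENDING_TTL = 15 * 60        # seconds a parked request stays resumable (assumed)
OP_BASE = "https://op.example"  # hypothetical OP endpoint


def realm_matches(return_to, realm):
    """OpenID 2.0 return_to/realm check: same scheme and port, host equal or
    under a '*.' wildcard, realm path a prefix of the return_to path."""
    rt, rl = urlparse(return_to), urlparse(realm)
    if rt.scheme != rl.scheme or (rt.port or 0) != (rl.port or 0):
        return False
    host, rt_host = rl.hostname or "", rt.hostname or ""
    if host.startswith("*."):
        if rt_host != host[2:] and not rt_host.endswith(host[1:]):
            return False
    elif rt_host != host:
        return False
    return (rt.path or "/").startswith(rl.path or "/")


@dataclass
class PendingAuth:
    params: dict      # the openid.* parameters of the original checkid_setup
    created: float
    used: bool = False


class PendingAuthStore:
    """Server-side store keyed by an opaque token that is independent of the
    browser session cookie, so logout or a second browser does not lose it."""
    def __init__(self, now=time.time):
        self._now = now
        self._items = {}

    def park(self, params):
        token = secrets.token_urlsafe(32)
        self._items[token] = PendingAuth(dict(params), self._now())
        return token

    def take(self, token):
        item = self._items.get(token)
        if item is None or item.used or self._now() - item.created > PENDING_TTL:
            return None
        item.used = True  # single use: replaying the e-mail link issues no second assertion
        return item.params


class OpenIDProvider:
    def __init__(self, store):
        self.store = store
        self.session_user = None  # identity bound to the current browser cookie

    def begin(self, params):
        """checkid_setup: validate return_to against the realm, park the
        request, hand back the token to thread through every detour."""
        return_to = params["openid.return_to"]
        if not realm_matches(return_to, params.get("openid.realm", return_to)):
            raise ValueError("openid.return_to is outside openid.realm")
        return self.store.park(params)

    def logout(self):
        self.session_user = None  # case B: the session goes, the parked request stays

    def reset_link(self, token):
        # cases A and C: the e-mailed link carries the token, not a cookie, so
        # whichever browser opens it can still finish the original request
        return f"{OP_BASE}/reset?" + urlencode({"resume": token})

    def complete(self, token, user):
        """Finish a parked request for the user who is now authenticated."""
        params = self.store.take(token)
        if params is None:
            return None
        self.session_user = user
        # a real positive assertion also carries openid.ns, op_endpoint,
        # response_nonce, assoc_handle, signed and sig; omitted here
        response = {"openid.mode": "id_res",
                    "openid.claimed_id": f"{OP_BASE}/id/{user}",
                    "openid.return_to": params["openid.return_to"]}
        sep = "&" if "?" in params["openid.return_to"] else "?"
        return params["openid.return_to"] + sep + urlencode(response)


def demo():
    """Walk case B (switch user) and case A (reset link, then expiry) on a
    constructed request and return what the RP would receive."""
    t = [1_000.0]                       # fake clock so expiry is testable
    op = OpenIDProvider(PendingAuthStore(now=lambda: t[0]))
    request = {"openid.mode": "checkid_setup",
               "openid.return_to": "https://rp.example/openid/return?nonce=c0nstructed",
               "openid.realm": "https://rp.example/"}
    op.session_user = "alice"           # case B: alice is logged in, user wants bob
    token = op.begin(request)
    op.logout()
    case_b = op.complete(token, "bob")
    replay = op.complete(token, "bob")  # second use of the same token
    token2 = op.begin(request)          # case A: reset link opened after the TTL
    link = op.reset_link(token2)
    t[0] += PENDING_TTL + 1
    case_a_expired = op.complete(token2, "carol")
    return {"case_b": case_b, "replay": replay,
            "reset_link": link, "case_a_expired": case_a_expired}
```

The design choice worth noting is that the parked request and the login session are two separate things with two separate lifetimes: logging out (case B) or landing in a fresh browser from an e-mail (cases A and C) only loses the session, and the token in the link or form is enough to resume and send the user back to return_to.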