[Specs-ui] [OIDFSC] Draft OpenID 2.x User Experience working group charter

Henrik Biering hb at netamia.com
Tue Jun 1 17:37:20 UTC 2010


+1

If OpenID is intended to cover needs other than near zero security 
social networks, it is essential - also from a branding perspective - 
that we take a holistic perspective on the authentication use cases, 
covering various initial login scenarios as well as stepping up from a 
lower to a higher authentication level.

Currently many potential RP organizations are basing their evaluation of 
OpenID on a few peoples personal use of the larger existing providers, 
which makes it an uphill battle to convince these organizations that 
OpenID may also aim at applications with higher security requirements.

Maybe Robert Ott's presentation "OpenID in conjunction with Strong 
Authentication (OTP, YubiKey, Biometrics, iPhone, Certificates, 
SuisseID)" at the upcoming OpenID Summit in London next week can 
stimulate this discussion. https://wiki.openid.net/2010-OpenID-Summit-EU

=henrik



Mike Jones skrev:
>
> Hi Chris,
>
>  
>
> Thanks for getting this out.
>
>  
>
> In my view, you should leave support for active clients in scope for 
> consideration by the working group since having an active client 
> definitely should impact the RP user experience.  For instance, if you 
> have identity in the browser, you probably want the RP to be aware of 
> it and delegate some or all of the identity UX to the active client, 
> rather than handling it itself by putting up a NASCAR screen, etc.
>
>  
>
>                                                             Thanks,
>
>                                                             -- Mike
>
>  
>
> *From:* openid-specs-ui-bounces at lists.openid.net 
> [mailto:openid-specs-ui-bounces at lists.openid.net] *On Behalf Of *Chris 
> Messina
> *Sent:* Monday, May 31, 2010 4:40 PM
> *To:* Dick Hardt
> *Cc:* specs-council at openid.net; openid-specs at lists.openid.net; 
> specs-ui at lists.openid.net
> *Subject:* Re: [Specs-ui] [OIDFSC] Draft OpenID 2.x User Experience 
> working group charter
>
>  
>
> No, there hasn't been any consensus about renaming it. I'm putting it 
> out there as a draft for discussion.
>
>  
>
> I'll take that as one vote for keeping that line in the charter. 
> Looking forward to other feedback!
>
>  
>
> Chris
>
>  
>
> On Mon, May 31, 2010 at 4:28 PM, Dick Hardt <dick.hardt at gmail.com 
> <mailto:dick.hardt at gmail.com>> wrote:
>
> Chris, 
>
>  
>
> I have not seen any consensus to renaming v.Next to 2.x. Having said 
> that, I don't think this WG needs to have a version does it?
>
>  
>
> I think this work would be really useful to the full spectrum of clients.
>
>  
>
> -- Dick
>
>  
>
>  
>
> On 2010-05-31, at 3:27 PM, Chris Messina wrote:
>
>
>
> Mike Jones prepared the initial version of this charter, and I took 
> the liberty of renaming v.Next to 2.x, and made compatibility with 2.x 
> an explicit goal of this work.
>
>  
>
> I'm reluctant of the applicability of this work to active clients and 
> have subsequently removed this line:
>
>  
>
> ·        produce user experience guidelines for supporting for a 
> spectrum of clients, including passive clients per current usage, thin 
> active clients, and active clients with OP functionality,
>
>  
>
> Feedback welcome.
>
>  
>
> Chris
>
>  
>
> *(a)  /_Charter_/.*
>
> *(i)*       *WG name:*  OpenID 2.x User Experience.
>
> *(ii)*      *Purpose:*  Produce a user experience specification or 
> family of specifications for OpenID 2.x that address the limitations 
> and drawbacks present in the OpenID 2.0 that limit OpenID's 
> applicability, adoption, usability, privacy, and security. Specific 
> goals are:
>
> ·        produce user experience guidelines for less intrusive 
> authentication user experiences than full-page browser redirect,
>
> ·        produce user experience guidelines for controlled and 
> uncontrolled release of attributes,
>
> ·        produce user experience guidelines for use of identities and 
> attributes by non-browser applications,
>
> ·        produce user experience guidelines for optimized protocol 
> flows combining authentication, attribute release, and resource 
> authorization,
>
> ·        produce user experience guidelines for use of OpenID on 
> mobile devices,
>
> ·        seamlessly integrate with and complement the other OpenID 2.x 
> specifications.
>
>  
>
> Compatibility with OpenID 2.x is an explicit goal for this work.
>
>  
>
> *(iii)*     *Scope:*  Produce a current generation OpenID user 
> experience specification or specifications, consistent with the 
> purpose statement.
>
> *(iv)*     *Proposed List of Specifications*:  OpenID 2.x User 
> Experience and possibly related specifications.
>
> *(v)*      *Anticipated audience or users of the work:*  Implementers 
> of OpenID Providers, Relying Parties, Active Clients, and non-browser 
> applications utilizing OpenID.
>
> *(vi)*     *Language in which the WG will conduct business*:  English.
>
> *(vii)*    *Method of work:  *E-mail discussions on the working group 
> mailing list, working group conference calls, and face-to-face 
> meetings at the Internet Identity Workshop and OpenID summits.
>
> *(viii)*   *Basis for determining when the work of the WG is 
> completed:*  Work will not be deemed to be complete until there is a 
> consensus that the resulting protocol specification or family of 
> specifications fulfills the working group goals.  Additional proposed 
> changes beyond that initial consensus will be evaluated on the basis 
> of whether they increase or decrease consensus within the working 
> group.  The work will be completed once it is apparent that maximal 
> consensus on the draft has been achieved, consistent with the purpose 
> and scope.
>
> *(b)  /_Background Information_/.*
>
> *(i)*       *Related work being done in other WGs or organizations*:  
> Draft User Interface (UI) Extension 
> <http://wiki.openid.net/OpenID-User-Interface-Work-Group-Proposal>. 
> Kantara Universal Login Experience (ULX) 
> <http://kantarainitiative.org/confluence/display/ulx/>working group. 
> RPX product design <http://rpxnow.com/>. Facebook Authentication 
> Guidelines <http://developers.facebook.com/docs/authentication/>. 
> Google user authentication research 
> <http://sites.google.com/site/oauthgoog/UXFedLogin>.
>
> *(ii)*      *Proposers:*
>
> Chris Messina, chris.messina at gmail.com 
> <mailto:chris.messina at gmail.com> (chair)
>
> Dick Hardt, dick.hardt at gmail.com <mailto:dick.hardt at gmail.com>
>
> /Additional proposers to be added here/
>
> *(iii)*     *Anticipated Contributions*:  None.
>
>
> -- 
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com <http://factoryjoe.com/>
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
>  
>
>
>
>
> -- 
> Chris Messina
> Open Web Advocate, Google
>
> Personal: http://factoryjoe.com
> Follow me on Buzz: http://buzz.google.com/chrismessina
> ...or Twitter: http://twitter.com/chrismessina
>
> This email is:   [ ] shareable    [X] ask first   [ ] private
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> specs mailing list
> specs at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs/attachments/20100601/3a221098/attachment.html>


More information about the specs mailing list