[OpenID] Fwd: Excellent critique of OpenID usability

Ben Bangert ben at groovie.org
Sat Aug 18 23:48:05 UTC 2007 

On Aug 17, 2007, at 2:16 PM, Gabe Wachob wrote:

> I see these complaints about OpenID.net not being understandable to  
> end users and I totally agree with that assessment. But that was  
> never the goal, and I think simply slapping up a list of openid  
> providers would be inadequate.
>
While the thought of telling people to do a Google search for "openid  
providers" (as Tom's draft document mentions) sounds somewhat good, I  
think it'd be a pretty horrid user experience compared to just having  
a list of "the big" providers. Consider the vast amount of non-openid  
provider links that could appear at the top depending on what article/ 
blog posting/feed/site has the best google rank for the week. It  
could take them awhile to find an actual openid provider to use.

Right now when I do a google search, about 1/2th the links are openid  
provider related (development, news, feeds), while the other half  
appear to be actual openid providers. I would not want to put the  
burden of sorting that out to an end-user like my parents.

> OpenID is a protocol, not an service offering or even a technology  
> that a user can use directly. Hence, I don’t see why (as OpenID,  
> the protocol) should be marketed or even explained to end-users,  
> IMHO. W3C doesn’t market HTTP to end users, it markets the web (to  
> the extent it markets to end users at all). This is like promoting  
> the web by putting up links to web servers and web hosting companies.
>
This analogy is rather flawed. OpenID is not *just* a protocol, its  
an entire brand for a different way of sign-in. I can tell you to go  
to a website without saying "HTTP" (mainly cause users rarely have to  
type it), but you cannot ask me to login using OpenID, without saying  
"OpenID". Unless the marketing list is considering changing the name  
so that you can say, "Signin with your howzadunit" of course.  
Regardless, they will *have* to call it something, and whatever that  
something is, should have a website that explains what it is to end  
users. As long as end-users are asked to sign-in with "OpenID", and  
the first google result for OpenID is openid.net, then openid.net  
should expect its primary audience will be end-users (once it becomes  
truly popular).

> Right now, I’m simply not all that concerned about end-users not  
> understanding openid.net – it was never intended for them, any more  
> than RFC 2616 was intended for users of the web. I think openid RPs  
> and OPs need to describe to their own users what the experience is  
> going to be at *their site* - the bottom line is that the user  
> experience for each RP & OP can vary quite a bit – compare, for  
> example, the user experience on Jyte vs. the user experience on  
> Technorati.
>
As soon as websites say "Sign-in with OpenID", then the OpenID name  
is meant for end-users. If all the websites said, "You must visit  
this using RFC 2616" then a website about RFC 2616 should expect  
primarily end-users should it be popular.

So rather than digging through the marketing list, I don't suppose  
someone can just clarify whether OpenID shall still be presented to  
users as a "Login with OpenID" type text? If so, then unless we're  
assuming there's more OpenID developers than end-users, we should  
assume end-users will be the primary audience of openid.net; which  
means that the critique about openid.net not having useful  
information for users is spot-on.

> So, coming around to the topic, I think it would be useful for the  
> user’s perspective to put together a good presentation/document/ 
> wiki page(s) on user-centric identity (as opposed to a multitude of  
> username/passwords) and how OpenID fits into this space – I’m sure  
> there’s something good out there to start with (or just use)?
>
I think Tom's document is so far excellent, but I really think it  
needs a list of some OpenID providers for the users who don't want to  
have to do a bunch of Google searching just to sign-in. And as long  
as we ask people to sign-in with OpenID, openid.net needs to be ready  
for what the majority of the traffic will be.... end-users.

Cheers,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070818/41ef25d2/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2472 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070818/41ef25d2/attachment-0002.bin>

More information about the general mailing list