[OpenID] Identity in the browser - IDIB

[Dick Hardt]

On 8-Aug-08, at 2:54 PM, SitG Admin wrote:

>> Having the extension detect that the site I am on could be an OP  
>> would be more interesting.
>
> It could also be more confusing, with the large and growing number  
> of sites acting as OP's; they go to one site, get a notification  
> that they can use it as their OP, say "okay", maybe set things up;  
> next site, they get the same offer, and so on :(

... and the problem is? ... they are becoming aware they have choice  
in OP.  An irritating pop clearly is not the way to do the UX here --  
but a notification bar that you can send away declining the offer is  
pretty simple.

>
>
>> The user not needing to know their identifier(s) can dramaticly  
>> simply the user experience
>
> It can also endanger their privacy. If the user isn't aware that  
> they're posting, say, the URI to their photo collection (if that's  
> the OP they settled on using when the extension installed and began  
> detecting their possible OP's), they may go ahead and begin using it  
> everywhere. Or, if their E-mail address (real first/last name?) maps  
> to a default URI of the same (first/last name), they've suddenly  
> given away a lot more than they may have been aware was even possible.

There are a number of issues to solve with OpenID. Agreed that if the  
user is given a URI that has other meaning and they do not realize  
they  are handing out other information when they are handing that  
out, that is a problem.

Yahoo! opted to make the URIs opaque which I thought was a great idea,  
but also meant the user would not know what they were.

btw: what else is given away with an identifier is why emails are a  
BAD idea to be the OpenID identifier.

-- Dick