[OpenID] OpenID and SSO
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Jul 1 08:47:26 UTC 2008
>Users do not want to login. Really, they don't.
>
>Therefore you can measure the success of SSO by counting the dissapearing
>login "buttons" or "links" on websites who do offer user centric (profiling)
>services.
A vital question here, then, is whether the user values privacy
enough to forgo this level of convenience. Short of opting to
automatically grant all RP requests (and never prompt user for
re-authentication to the OP - it can still expire, just don't bother
the *user* with renewing it), there is no way to "intelligently"
practice selective login for the user.
>"Click to proceed", yes,
There shouldn't even be that, though. Just go to the site and see the
page. No matter how much you abstract the process of authenticating,
if they have to take steps to have the service recognize them then
it's a login.
-Shade
More information about the general
mailing list