[OpenID] Clickpass: Making OpenId easier
Martin Atkins
mart at degeneration.co.uk
Fri Mar 14 08:55:19 UTC 2008
Immad Akhund wrote:
> Hi,
>
> I am Immad, CTO of Clickpass. We just launched today, and I would love
> to get feedback from you guys. I am sure many of you would have already
> seen it, but if you haven't this is Clickpas;
>
> http://www.clickpass.com (tc:
> http://www.techcrunch.com/2008/03/11/clickpass-could-change-the-way-you-surf-the-web/)
>
Hi Immad,
I actually spent some time looking at Clickpass yesterday, though I
hadn't yet seen this thread so instead I posted what I think in
retrospect is an overly-emotional blog entry[1].
I'll restate some of my main concerns here more succinctly.
As far as I can tell, you actually have two basically-separate products:
an OpenID 1.1 provider, and some reusable enrollment UI.
Regarding the OpenID Provider:
* I strongly encourage you to implement OpenID 2.0 and use directed
identity to implement your login button. This will make it easier for
sites to accept your users without entering an explicit partnership with
you.
* I also encourage you to implement the Simple Registration Extension
so that sites do not have to create a special-case endpoint in order to
give your users a good enrollment experience. Many sites already have
the machinery in place to support SREG; you can, of course, still
support your proprietary registration protocol for sites that do not
implement SREG.
* You could do with some minimal instructions at your site telling
your users how to deal with login forms that are not specifically
Clickpass-enabled. Unless you're planning to parter with every RP under
the sun, your users are going to encounter this eventually.
Regarding the enrollment UI:
* PLEASE find a way to do the account linking thing that doesn't
involve asking users to enter their RP credentials on *your* domain.
[1] http://www.apparently.me.uk/13547.html
More information about the general
mailing list