[OpenID] Thinking About OpenID.com

Fri Mar 21 07:07:02 UTC 2008

Snorri:

Could you kindly point me to the source of the +40% (French study) internet
user close?

If any other people has similar kind of statistics, it is very helpful for
the community to share.

This is a very powerful tool to persuade the potential RPs. If we can show
that OpenID will improve the conversion rate, they will start pouring money
on it.

Nat

2008/3/21, Snorri <snorri at snorri.eu>:
>
>  The best would be to resume the "benefits for the RPs" in 10/12 short
> points with a Marketing/Business language but "neutral" = no subjective
>
> ð  http://www.openideurope.eu/openid/relying-party/
>
>
>
> I would like to add:
>
> - The possibility of having databases always updated (depends on the
> implementation) with the last information of end users, e.g.: My last
> address if I move
>
> - Reduce deaths user accounts; Often users test only once a site but with
> his OP… he can remember that he had already an Return to this site
>
> - +40% (French study) internet user close a site because there are a form,
> OpenID can increase the rate of transformation of a prospect to become a
> customer
>
>
>
> Thoughts? (improve my words :)
>
>
>
> Thank for your participation
>
>
>
> -Snorri
>
>
>
> *De :* general-bounces at openid.net [mailto:general-bounces at openid.net] *De
> la part de* Eddy Nigg (StartCom Ltd.)
> *Envoyé :* jeudi 20 mars 2008 18:20
> *À :* Peter Williams
> *Cc :* general at openid.net
> *Objet :* Re: [OpenID] Thinking About OpenID.com
>
>
>
> +1
>
> --
>
> Regards
>
>
>
> Signer:
>
> Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
>
> Jabber:
>
> startcom at startcom.org
>
> Blog:
>
> Join the Revolution! <http://blog.startcom.org>
>
> Phone:
>
> +1.213.341.0390
>
>
>
>
>
> Peter Williams:
>
> Point 6 is very subjective, judged using the following (subjective)
> criteria.
>
>  10+ years of evidence has shown that consumers are unwilling or unable to
> handle self-signed cert root key download events, being unable or unwilling
> to evaluate the trust providers who assurance underpin the delivery of SSL
> security services. This is likely to extend to the world of https openids, a
> type of openid that our trade association is apparently promoting as a "best
> practice" (a material, legal event, note). Its not clear that consumer will
> be suddenly be able to now determine which providers are capable of
> providing anti-phishing protection.
>
>  Point 7 is perhaps ill advised as a basic rationale for openid adoption
> by RPs.
>
>  Relying parties are inevitably liable for the circumstances of their act
> of reliance on any (security) assertion made by a third party, says this
> non-lawyer. Having admitted an openid to be used to impersonate a subscribed
> user, and upon relying upon a UCI-grade OP's assertion, the RP will surely
> continue to have the full panoply of legal obligations.
>
> Assume for example,  that the RP (e.g. "plaxo") is operating in the state
> of California. Assume also that the RP has account linked one or more of a
> CONSUMER's openids to a single "plaxo" for-fee account (that is subscribed
> to be in good standing),  where we note that "plaxo" is in the normal,
> _dominant_ business-to-consumer legal relationship with the subscriber, as
> assessed under CA criteria. Assume now that the OP involved in the account
> linking is just 1 of several UCI-grade OPs bound by "plaxo" - upon one or
> more constructive acts of reliance involving cert messages and openid auth
> messages -  to this and other subscriber accounts. Assume furthermore that
> "plaxo" is relying upon one or more OPs with whom it has no agreements
> governing the act of reliance. Lets assert now that it is now common public
> knowledge that a given OP has engaged in an improper act, leading to the
> situation that there is a "high level of risk"  that Personal data of a
> "plaxo" subscriber has been compromised. We could ask Plaxo's general
> counsel to volunteer legal advice on a hypothetical: would s/he now feel
> legally obligated under CA law to issue n written letters by US post to all
> "affected" _subscribers_, warning them of the generalized exposure? If so,
> how would one enumerate those who are "affected" in the case of UCI-grade
> openid?
>
>
>
>
>
>
>   ------------------------------
>
> *From:* Chris Drake
> *Sent:* Thu 3/20/2008 3:34 AM
> *To:* Brendon J. Wilson
> *Cc:* general at openid.net
> *Subject:* Re: [OpenID] Thinking About OpenID.com
>
> Hi Brendon,
>
>
>
> Some more suggestions...
>
>
>
> 6) Security - when folks have their fave provider, they're less
>
>    vulnerable to phishing and password hijacking in other forms, not
>
>    to mention, the providers job is to improve in this area too,
>
>    freeing up the RP to ignore this stuff.
>
>
>
> 7) Legal responsibilities - probably not one that Providers are happy
>
>    with, but, it's not the RPs fault if a customer account is
>
>    plundered because of fault with the login system - freeing up the
>
>    RP from the legal liability/responsibility of that issue (eg: the
>
>    customer would sue the Provider, not the RP)
>
>
>
>    Liability is probably different depending on the TOS involved, and
>
>    the country of the customer and provider (and maybe RP) - some
>
>    jurisdictions have laws that forbid the disclaiming of various kinds
>
>    of liabilities.
>
>
>
> Kind Regards,
>
> Chris Drake
>
>
>
>
>
> Thursday, March 20, 2008, 2:53:18 AM, you wrote:
>
>
>
> BJW> +1 Snorri's comment.
>
>
>
> BJW> I've been looking at OpenID for a client, and as I survey the OpenID
>
> BJW> landscape it's become apparent very quickly that there's lots of
>
> BJW> identity providers, but not a lot of relying parties. Any of the big
>
> BJW> players seem to be staying out of that space, with the exception of
>
> BJW> the blog platforms and open source CMS systems. Examples: AOL - only
>
> BJW> Propeller seems to have OpenID as a login option. Yahoo! - haven't
>
> BJW> found an OpenID login yet. All of the focus right now seems to be on
>
> BJW> getting people to get an OpenID.
>
>
>
> BJW> I think any discussion of how to evangelize OpenID to the general
>
> BJW> public also requires the foundation to clearly articulate the value of
>
> BJW> being a relying party, otherwise we risk stalled growth when users
>
> BJW> finally decide to get an OpenID, but have nowhere to use it. JanRain
>
> BJW> claims 8,000 relying parties, but I've seen little justification for
>
> BJW> that number; OpenIDDirectory.com lists about 530 or so OpenID-related
>
> BJW> sites, and 60 or so of them are identity providers. Demonstrating
>
> BJW> value to potential relaying parties also requires showing, in no
>
> BJW> uncertain terms, just how many people already use it.
>
>
>
> BJW> I'd like to propose the following strawman benefits of being a relying
>
> BJW> party for the group to eviscerate (warning: businesspeak ahead):
>
>
>
> BJW> 1) Expedited customer acquisition: OpenID allows user to quickly and
>
> BJW> easily complete the account creation process by eliminating entry of
>
> BJW> commonly requested fields (email address, sex, birthdate), thus
>
> BJW> reducing the friction to adopt a new service.
>
>
>
> BJW> 2) Reduced user account management costs: The primary cost for most IT
>
> BJW> organizations is resetting forgotten authentication credentials. By
>
> BJW> reducing the number of credentials, a user is less likely to forget
>
> BJW> their credentials. By outsourcing the authentication process to a
>
> BJW> third-party, the relying party can avoid those costs entirely.
>
>
>
> BJW> 3) "Thought leadership": There is an inherent marketing value for an
>
> BJW> organization to associate itself activities that promote it as a
>
> BJW> thought leader. It provides an organization with the means to
>
> BJW> distinguish itself from its competitors. This is your chance to
>
> BJW> outpace your competitors.
>
>
>
> BJW> 4) Your competitors are already doing it: Whoops! So you missed out on
>
> BJW> number 4, so you have to do it, otherwise you're falling behind the
>
> BJW> times. Ketchup!
>
>
>
> BJW> 5) Simplified user experience: Logical follow on from 1 & 2. However,
>
> BJW> it's at the end of the list because that's not the business priority.
>
> BJW> The business priority is the benefit that results from a simplified
>
> BJW> user experience, not the simplified user experience itself.
>
>
>
> BJW> Thoughts?
>
>
>
> BJW> Brendon
>
> BJW> ---
>
> BJW> Brendon J. Wilson
>
> BJW> www.brendonwilson.com
>
> BJW> _______________________________________________
>
> BJW> general mailing list
>
> BJW> general at openid.net
>
> BJW> http://openid.net/mailman/listinfo/general
>
>
>
>
>
>
>
> _______________________________________________
>
> general mailing list
>
> general at openid.net
>
> http://openid.net/mailman/listinfo/general
>
>
>
>
>
> ------------------------------
>
>
>
> _______________________________________________
>
> general mailing list
>
> general at openid.net
>
> http://openid.net/mailman/listinfo/general
>
>
>
>
>
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>
>

-- 
Nat Sakimura (=nat)
http://www.sakimura.org/en/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20080321/b024615f/attachment-0002.htm>