[OpenID] OpenID UX and IIW session
George Fletcher
gffletch at aol.com
Tue Nov 11 13:46:36 UTC 2008
Hi,
I'm sure there will be an IIW session on OpenID and UX so I wanted to
ask that the following case be included in the discussion.
If a popup window is used for the authenitcation flow (e.g. Facebook
connect), then what do we do in the case that the user is already
authenticated to their OpenID Provider and has previously given
permanent consent to the site to receive their authentication (and
possible SREG) data?
I believe that right now, there would be a popup window flash. This
seems like it might be a little scary for normal users.
This could be mitigated by doing an "check_immediate" first but in that
case, the user would have had to at least given their OpenID so that
site could do discovery.
I suppose we could try and rely on cookies, and cookie the user with
their last chosen OpenID Provider, but this makes it difficult with
users with multiple accounts from different OPs (and gets a little weird
in the directed identity case). Also, I only allow cookies per session
so that would break the experience for me as well.
Thoughts?
Thanks,
George
More information about the general
mailing list