[OpenID] OpenID UX and IIW session

Chris Messina chris.messina at gmail.com
Wed Nov 12 01:07:56 UTC 2008 

One possible solution would be the Blogger faked "posting" flow... where
they added a 1-2 second delay when posting blog entries back in the day
because it happened "so fast" that people thought that the blog post had
failed (seriously, we were coming off of dial up fumes).
I wonder if we shouldn't inject a semi-faux "...signing you in to your XXX
Account..." delay that would take care of the signed in/check_immediate
cases mentioned. The flow would be consistent and momentary and ultimately
could be made to take no longer than existing sign in flows.

I have practical question: will RPs actually abide by the recommendation to
support popups? My instinct says no, and that many will use the same window
or a lightbox. Are we concerned about this? Do we have any leverage to force
a certain approach besides shame?

Chris

On Tue, Nov 11, 2008 at 3:19 PM, Praveen Alavilli
<AlavilliPraveen at aol.com>wrote:

> One of the big problems with using checkid_immediate is that several
> OPs break iframes - so there is no reliable way of doing async with
> checks with out doing a redirect inside the same browser window or in
> a popup.
>
>
> On Nov 11, 2008, at 5:46 AM, George Fletcher <gffletch at aol.com> wrote:
>
> > Hi,
> >
> > I'm sure there will be an IIW session on OpenID and UX so I wanted to
> > ask that the following case be included in the discussion.
> >
> > If a popup window is used for the authenitcation flow (e.g. Facebook
> > connect), then what do we do in the case that the user is already
> > authenticated to their OpenID Provider and has previously given
> > permanent consent to the site to receive their authentication (and
> > possible SREG) data?
> >
> > I believe that right now, there would be a popup window flash. This
> > seems like it might be a little scary for normal users.
> >
> > This could be mitigated by doing an "check_immediate" first but in
> > that
> > case, the user would have had to at least given their OpenID so that
> > site could do discovery.
> >
> > I suppose we could try and rely on cookies, and cookie the user with
> > their last chosen OpenID Provider, but this makes it difficult with
> > users with multiple accounts from different OPs (and gets a little
> > weird
> > in the directed identity case). Also, I only allow cookies per session
> > so that would break the experience for me as well.
> >
> > Thoughts?
> >
> > Thanks,
> > George
> > _______________________________________________
> > general mailing list
> > general at openid.net
> > http://openid.net/mailman/listinfo/general
> _______________________________________________
> general mailing list
> general at openid.net
> http://openid.net/mailman/listinfo/general
>



-- 
Chris Messina
Citizen-Participant &
 Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081111/731532af/attachment-0002.htm>

More information about the general mailing list