[OpenID] Yahoo OpenID UX Study

[Peter Watkins]

Thank you, both for sharing this information, and for 
continuing to improve your OpenID offering. We're 
weeks away from launching our first app that will support
OpenID logins, and Yahoo! is the only specific OpenID
provider that we intended to highlight & make easy for
our users -- largely because you're the only "big player"
that now has https OP URLs (https://me.yahoo.com). 
(Frankly, I'd love to add AOL, but as long as they don't have 
https OP addresses, they're out.) Anyhow, I am very glad 
that you're streamlining the process for Yahoo users -- 
this helps both you & RPs like us, too. 

As for UI, our plan is to have the login page offer three options:
 * use your Example.gov account [our system]
 * use your Yahoo! account
 * use another secure (https) OpenID account

Only if the user clicks on the Example.gov option will
our "local" login username/password form appear.

Since we know the Yahoo OP https URL, we intend NOT to display
any OpenID input control if the user clicks the Yahoo! link.
I've always suspected what you discovered -- that login forms
like idselector.com's (which still doesn't understand the more
secure me.yahoo.com URL???) that show the user an OpenID URL
and force them to clock Sign in again are confusing. The most
that IDSelector should do for "educational" purposes is 
disply a message like "Asking the OpenID service at 
https://me.yahoo.com/ to log you in with a Yahoo! account..."

If the user clicks the generic OpenID link, we'll display a
"traditional" OpenID login text input control. We'll use client-
side Javascript to help users fill this out.

(Yes, we'll allow arbitrary OpenID URLs, with one requirement
-- the OpenID claimed ID must be an https URL. So folks using
premium OPs with secure identifiers will be welcomed.)

-Peter