[OpenID] Yahoo OpenID UX Study

[Martin Atkins]

SitG Admin wrote:
> Martin - those are excellent points about using a few big providers to 
> shift users' awareness a bit at a time. I'm worried about what happens 
> when we get midway, though - will users continue to transition the 
> rest of the way, or get stuck at the point of "SSO is done by big-name 
> sites."?
>
>> I agree that at this point users shouldn't be seeing the name "OpenID"
>> as the primary brand for logging in.
>
> Interesting thought, there - should OpenID be the underlying 
> technology, and respective implementations the actual brand names? I 
> think it's important for big providers to have high visibility of the 
> OpenID technology, so users aren't misled into thinking that the 
> underlying technology is created/owned by those big sites - if they 
> were to then see the same service offered at many smaller sites, 
> OpenID could be seen as "something made by large companies that was 
> later opened to smaller sites" instead of what we can *now* clearly 
> see as an open technology that is available to ANY site.
>
> Something like the proudly displayed Verisign logo, where sites show 
> off that their security is confirmed by a highly reputable name - if 
> the big sites could showcase OpenID in that same way, that would be 
> really neat :)
>
I should probably have completed that thought.

I was referring to the "login page" (or equivalent) specifically. What I 
meant was that RPs should be providing big, prominent buttons to log in 
with big providers and then put the generic OpenID login box somewhere a 
little more obscure so that those who know to look for it can find it, 
but normal users aren't confused by it. A button that says "Log in with 
OpenID!" alongside the "Log in with Yahoo!" and other buttons could do 
the trick; presumably then users will just dismiss it as a brand they 
don't recognise amd move on.

Once they've got past this initial hurdle, it might be useful to 
introduce them briefly to OpenID during the login transaction, though 
not to the point where it gets in the way of doing whatever the user was 
trying to get done. If we can just get the mental model of users to 
switch away from sharing usernames/passwords I think that'd be a great 
thing; they might start to recognise the OpenID brand along the way -- 
even if they don't know exactly what it is --  but I don't think we 
really want it up in the user's face at this point. OpenID is a bit of 
technology, and isn't really that interesting to end-users in and of itself.

My hope is that moving forward we'll get OpenID support into browsers 
and users can find out about it by that route. Once browsers can help 
users to log in rather than relying on complicated per-site UI it'll 
open up the possibility of getting rid of these provider-specific login 
buttons on sites. That's probably going to require some more spec work 
so that users can get things configured easily, without faffing about 
entering OpenID identifiers, but I don't think it's an amazingly 
difficult problem technically.