[OpenID] Combining Google & Yahoo user experience research

Eric Sachs esachs at google.com
Tue Oct 14 19:28:51 UTC 2008


>> I think you're saying that an RP has the option of using the OpenID
protocol, bound to a specific IDP, simply to avoid building its own login
system.  I guess so, but in this case OpenID itself is overkill (and is an
implementation detail -- SAML or OAuth or an IDP-specific protocol could
solve the problem nearly as well).
Yep, and that is why Google, MySpace, and some others are working on a
merged OpenID/OAuth protocol to optimize this use case.  However until we
have a merged protocol, many websites in this scenario would prefer to use
OpenID and OAuth separately while they wait on a merged protocol.

On Tue, Oct 14, 2008 at 11:16 AM, John Panzer <jpanzer at acm.org> wrote:

> Eric Sachs wrote:
>
>> ...
>>  And those UI guidelines are complete overkill for a website who is
>> willing to just use a single IDP and completely eliminate its own legacy
>> login system.
>>
> I think you're saying that an RP has the option of using the OpenID
> protocol, bound to a specific IDP, simply to avoid building its own login
> system.  I guess so, but in this case OpenID itself is overkill (and is an
> implementation detail -- SAML or OAuth or an IDP-specific protocol could
> solve the problem nearly as well).  I don't think the OpenID community
> should discourage this use of the protocol under the hood, but from a
> branding perspective I think it would be bad as well as confusing to users
> to have OpenID even mentioned.
>
> John
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20081014/eb448fb5/attachment-0002.htm>


More information about the general mailing list