[OpenID] Combining Google & Yahoo user experience research
Martin Atkins
mart at degeneration.co.uk
Tue Oct 21 19:35:15 UTC 2008
SitG Admin wrote:
>> We should never ignore any part of what the user enters.
>
> That's what I thought, but then Directed Identity takes 'me.yahoo.com'
> and wants to turn it into a more meaningful username ;)
>
If you read "me.yahoo.com" as "me at Yahoo!" then it makes sense.
Yahoo!'s implementation is interesting in that (at least, when I last
checked, which was admittedly several months ago) even if you enter your
own identifer rather than the OP identifier it'll ignore the supplied
identifier and just verify the authenticated user. This has the same
effect as ignoring the user part of the email address; a user can be
unexpectedly switched to a different user account. This is particularly
troublesome when delegation is used.
More information about the general
mailing list