[OpenID] [LIKELY_SPAM]Re: [LIKELY_SPAM]Re: Combining Google & Yahoo user experience research

Chris Messina chris.messina at gmail.com
Wed Oct 22 23:06:57 UTC 2008


On Wed, Oct 22, 2008 at 4:02 PM, Martin Atkins <mart at degeneration.co.uk> wrote:
> Chris Messina wrote:
>>>
>>>  * Enter an identifier for anyone who uses the same service as you use,
>>> then choose a sensible identifier at your OP.
>>
>> This is the way that Yahoo does things today.
>>
>
> Indeed. And I've been complaining to Allen Tom about this in a parallel
> thread! :)

I think we're saying more or less the same thing, in different ways.
The major difference is whether the email identifier that's presented
at the time of sign in should be used in its entirety. The examples
I've provided lead me to say no, though I support the point that
you're making about reducing the onerous extra step that RPs tend to
force on OpenID users today (that is, verifying their email out of
band during the signin flow).

I think for trusted OPs (determined by the RP), the email address that
is provided could be considered to be verified. It's just not really
done that way today, from what I've seen.

I also think that if we could force the provided email identifier to
also be the claimed identifier, then we should. I just don't know that
we can, either with the protocol that exists today, or with the
concerns about privacy (though there's no reason why those who are
privacy-paranoids couldn't just learn to only enter in a domain and do
directed identity or use identifier select). If we're talking about
the 99% use case, I think most people will, as you suggested, enter
their actual email address, in which case, if we can actually reuse
it, then awesome, we should.

Chris

-- 
Chris Messina
Citizen-Participant &
  Open Technology Advocate-at-Large
factoryjoe.com # diso-project.org
citizenagency.com # vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private


